FREAK SSL/TLS vulnerability (CVE-2015-0204)

2015-03-05 19:14:59 +08:00
 hx1997
https://freakattack.com/

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.
7 replies
qazplkm
2015-03-05 19:52:47 +08:00
Does this affect ordinary users?
sanddudu
2015-03-05 19:53:42 +08:00
@qazplkm Yes, you can go to the Client Test to check whether you are affected.
qazplkm
2015-03-05 19:56:52 +08:00
@sanddudu I tested Chrome: safe from the FREAK Attack. I don't know what the situation is for SSL VPN and ss.
0x1e240
2015-03-05 21:25:44 +08:00
Number one: Alexa Rank 27, sohu.com
So Sohu actually supports SSL
Clicked through... What the FK
phoeagon
2015-03-05 21:39:16 +08:00
什麼值得買 is on the list too
cmkpl
2015-03-05 21:41:39 +08:00
Is there a tool for testing the server side?
sanddudu
2015-03-05 21:47:23 +08:00
@cmkpl
What should I do?
If you run a web server, you should disable support for any export suites. However, instead of simply excluding RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites protocols other than RSA) and enable forward secrecy. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers.

You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check. However, we also encourage administrators to check their overall site configuration using the Qualys SSL Labs' SSL Server Test, which will identify other potential misconfigurations.

https://tools.keycdn.com/freak
https://www.ssllabs.com/ssltest/
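
The checks described in this thread, as an added example that is not part of the original posts: it sorts the cipher suites a scanner saw a server accept (IANA-style names) into RSA_EXPORT, other export, and forward-secret groups, then applies the vulnerability condition quoted at the top. The function names and the sample suite list are assumptions constructed for illustration.

```python
import re

# Constructed sample: suites a hypothetical scanner saw one server accept.
SAMPLE_SERVER = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

_KX = re.compile(r"^TLS_(.+?)_WITH_")        # key-exchange part of a name
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")  # TLS 1.3 names have no _WITH_

def audit_server(suites):
    """Sort accepted suites into the groups the quoted advice cares about."""
    report = {"rsa_export": [], "other_export": [], "forward_secret": []}
    for name in suites:
        m = _KX.match(name)
        if m is None:
            # A certificate-authenticated TLS 1.3 handshake uses ephemeral (EC)DHE.
            if _TLS13.match(name):
                report["forward_secret"].append(name)
            continue
        kx = m.group(1)
        if kx.startswith("RSA_EXPORT"):      # the suites FREAK relies on
            report["rsa_export"].append(name)
        elif "EXPORT" in kx:                 # DHE/DH/anon/KRB5 export suites
            report["other_export"].append(name)
        elif kx.startswith(("DHE_", "ECDHE_")):
            report["forward_secret"].append(name)
    return report

def connection_vulnerable(server_suites, client_offered, client_has_cve_2015_0204):
    """Condition from the advisory text: the server accepts RSA_EXPORT AND the
    client either offers RSA_EXPORT or runs an OpenSSL with CVE-2015-0204."""
    server_accepts = bool(audit_server(server_suites)["rsa_export"])
    client_offers = bool(audit_server(client_offered)["rsa_export"])
    return server_accepts and (client_offers or client_has_cve_2015_0204)

if __name__ == "__main__":
    for group, names in audit_server(SAMPLE_SERVER).items():
        print(f"{group}: {names or 'none'}")
```

A server is in the state the advice asks for when both export groups come back empty and `forward_secret` does not.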
