[Ach] FREAK Attack

Aaron Zauner azet at azet.org
Wed Mar 4 15:52:50 CET 2015

Raoul Bhatia wrote:
> On 2015-03-03 23:53, Aaron Zauner wrote:
>> Hi,
>> It seems one of the OpenSSL CVEs from the 8th of jan. got a nice
>> catchy name for itself now as well: https://freakattack.com/
>> For people that do not follow OpenSSL advisorys closely, TL;DR:
>> If you're using an unpatched OpenSSL version or have a cipherstring
>> that allows for RSA_EXPORT you really should be updating by now.
> Do I correctly conclude that
> I am safe if I have followed the ACH guide?

Yes, but you should update OpenSSL anyway :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150304/c029ac8a/attachment.sig>

More information about the Ach mailing list