[Ach] FREAK Attack
azet at azet.org
Wed Mar 4 15:52:50 CET 2015
Raoul Bhatia wrote:
> On 2015-03-03 23:53, Aaron Zauner wrote:
>> It seems one of the OpenSSL CVEs from the 8th of jan. got a nice
>> catchy name for itself now as well: https://freakattack.com/
>> For people that do not follow OpenSSL advisorys closely, TL;DR:
>> If you're using an unpatched OpenSSL version or have a cipherstring
>> that allows for RSA_EXPORT you really should be updating by now.
> Do I correctly conclude that
> I am safe if I have followed the ACH guide?
Yes, but you should update OpenSSL anyway :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Ach