[Ach] FREAK Attack
Aaron Zauner
azet at azet.org
Wed Mar 4 15:52:50 CET 2015
Raoul Bhatia wrote:
> On 2015-03-03 23:53, Aaron Zauner wrote:
>> Hi,
>>
>> It seems one of the OpenSSL CVEs from the 8th of jan. got a nice
>> catchy name for itself now as well: https://freakattack.com/
>>
>> For people that do not follow OpenSSL advisorys closely, TL;DR:
>> If you're using an unpatched OpenSSL version or have a cipherstring
>> that allows for RSA_EXPORT you really should be updating by now.
>
> Do I correctly conclude that
> I am safe if I have followed the ACH guide?
>
Yes, but you should update OpenSSL anyway :)
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150304/c029ac8a/attachment.sig>
More information about the Ach
mailing list