[Ach] FREAK Attack

L. Aaron Kaplan aaron at lo-res.org
Wed Mar 4 16:09:18 CET 2015


On Mar 4, 2015, at 3:18 PM, Raoul Bhatia <raoul at bhatia.at> wrote:

> On 2015-03-03 23:53, Aaron Zauner wrote:
>> Hi,
>> It seems one of the OpenSSL CVEs from the 8th of jan. got a nice
>> catchy name for itself now as well: https://freakattack.com/
>> For people that do not follow OpenSSL advisorys closely, TL;DR:
>> If you're using an unpatched OpenSSL version or have a cipherstring
>> that allows for RSA_EXPORT you really should be updating by now.
> 
> Do I correctly conclude that
> I am safe if I have followed the ACH guide?
Yes

Export ciphers were avoided.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20150304/eee4ada1/attachment.sig>


More information about the Ach mailing list