[Ach] FREAK Attack
L. Aaron Kaplan
aaron at lo-res.org
Wed Mar 4 16:09:18 CET 2015
On Mar 4, 2015, at 3:18 PM, Raoul Bhatia <raoul at bhatia.at> wrote:
> On 2015-03-03 23:53, Aaron Zauner wrote:
>> It seems one of the OpenSSL CVEs from the 8th of jan. got a nice
>> catchy name for itself now as well: https://freakattack.com/
>> For people that do not follow OpenSSL advisorys closely, TL;DR:
>> If you're using an unpatched OpenSSL version or have a cipherstring
>> that allows for RSA_EXPORT you really should be updating by now.
> Do I correctly conclude that
> I am safe if I have followed the ACH guide?
Export ciphers were avoided.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Ach