FREAK SSL/TLS vulnerability (CVE-2015-0204)

    hx1997 · 2015-03-05 19:14:59 +08:00 · 3557 views
    https://freakattack.com/

    A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.
    7 replies · 2015-03-05 21:47:23 +08:00
    qazplkm · #1 · 2015-03-05 19:52:47 +08:00
    Does this affect ordinary users?
    sanddudu · #2 · 2015-03-05 19:53:42 +08:00
    @qazplkm Yes, it does. You can go to the Client Test to check whether you are affected.
    qazplkm · #3 · 2015-03-05 19:56:52 +08:00
    @sanddudu I tested Chrome: safe from the FREAK Attack. I don't know how things stand for SSL VPN and ss.
    0x1e240 · #4 · 2015-03-05 21:25:44 +08:00
    First one: Alexa Rank 27, sohu.com
    So Sohu supports SSL after all
    Clicked through... What the FK
    phoeagon · #5 · 2015-03-05 21:39:16 +08:00
    什麼值得買 is on there too
    cmkpl · #6 · 2015-03-05 21:41:39 +08:00
    Is there a tool for testing the server side?
    sanddudu · #7 · 2015-03-05 21:47:23 +08:00 · ❤️ 3
    @cmkpl
    What should I do?
    If you run a web server, you should disable support for any export suites. However, instead of simply excluding RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites protocols other than RSA) and enable forward secrecy. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers.

    You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check. However, we also encourage administrators to check their overall site configuration using the Qualys SSL Labs' SSL Server Test, which will identify other potential misconfigurations.

    https://tools.keycdn.com/freak
    https://www.ssllabs.com/ssltest/
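
For administrators who want to see what a server-side check comes down to, here is an added example (not part of the thread or of any tool linked above): it reads the first TLS record a server sent back, for instance from a packet capture, and reports whether the server selected an export-grade suite. The function names are hypothetical and the sample records are constructed; the suite IDs are the ones assigned in RFC 2246 / RFC 4346.

```python
import struct

# Export-grade suite IDs as assigned in RFC 2246 / RFC 4346.
RSA_EXPORT = {0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
              0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
              0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}
OTHER_EXPORT = {0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
                0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
                0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
                0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
                0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}

def classify_server_reply(record: bytes):
    """Return (verdict, detail) for the first TLS record a server sends back."""
    if len(record) < 5:
        return ("malformed", "short record header")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        return ("malformed", "truncated record")
    if ctype == 21 and length == 2:          # alert(level, description)
        return ("refused", "alert description %d" % body[1])
    if ctype != 22 or length < 4 or body[0] != 2:
        return ("malformed", "not a ServerHello")
    pos = 4 + 2 + 32                         # handshake header, version, random
    if length < pos + 1:
        return ("malformed", "ServerHello too short")
    pos += 1 + body[pos]                     # skip the session_id
    if length < pos + 2:
        return ("malformed", "no cipher_suite field")
    suite = struct.unpack("!H", body[pos:pos + 2])[0]
    if suite in RSA_EXPORT:                  # the case the FREAK advisory names
        return ("rsa_export", RSA_EXPORT[suite])
    if suite in OTHER_EXPORT:                # export suites other than RSA
        return ("other_export", OTHER_EXPORT[suite])
    return ("non_export", "0x%04X" % suite)

def sample_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed TLS 1.0 ServerHello record, for offline demonstration only."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += struct.pack("!H", suite) + b"\x00"          # null compression
    handshake = b"\x02" + struct.pack("!I", len(hello))[1:] + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    print(classify_server_reply(sample_server_hello(0x0003)))      # export suite selected
    print(classify_server_reply(sample_server_hello(0x002F)))      # non-export suite
    print(classify_server_reply(b"\x15\x03\x01\x00\x02\x02\x28"))  # handshake_failure alert
```

A `rsa_export` or `other_export` verdict means the server still has export suites enabled and its cipher configuration needs the cleanup described in the reply above.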