Changes between Version 4 and Version 5 of SecurityAnnouncement-FREAK
- Timestamp:
- 03/07/15 16:46:30 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityAnnouncement-FREAK
v4 v5 3 3 Fortunately the vulnerability's impact on OpenVPN is fairly small: 4 4 5 * OpenVPN's tls-auth feature prevents this attack5 * If enabled, OpenVPN's tls-auth feature prevents this attack 6 6 * Adding ''!EXP'' to the server side tls-cipher is enough to mitigate attacks. The suggested tls-cipher string is ''DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA''. This disallows export ciphers, weak ciphers (e.g. DES), and RSA key exchange (note: not RSA authentication), but allows any future, stronger cipher suites. 7 7 * Clients who wish to rule out this attack on clients prior to 2.3.6-I002/I603 can add ''!kRSA'' to their tls-cipher string