Changes between Version 4 and Version 5 of SecurityAnnouncement-FREAK


Ignore:
Timestamp:
03/07/15 16:46:30 (2 years ago)
Author:
syzzer
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • SecurityAnnouncement-FREAK

    v4 v5  
    33Fortunately the vulnerability's impact on OpenVPN is fairly small:
    44
    5 * OpenVPN's tls-auth feature prevents this attack
     5* If enabled, OpenVPN's tls-auth feature prevents this attack
    66* Adding ''!EXP'' to the server side tls-cipher is enough to mitigate attacks. The suggested tls-cipher string is ''DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA''. This disallows export ciphers, weak ciphers (e.g. DES), and RSA key exchange (note: not RSA authentication), but allows any future, stronger cipher suites.
    77* Clients who wish to rule out this attack on clients prior to 2.3.6-I002/I603 can add ''!kRSA'' to their tls-cipher string