We wrote a blog post: The perfect SSL nginx configuration (<a href="http://blog.commando.io/the-perfect-nginx-ssl-configuration/" rel="nofollow">http://blog.commando.io/the-perfect-nginx-ssl-configuration/</a>) which details all the nginx directives to set to achieve an A+ rating on sslLabs, including mitigation of FREAK, POODLE, and HEARTBLEED.
Please see "Recommended Configurations" in <a href="https://wiki.mozilla.org/Security/Server_Side_TLS" rel="nofollow">https://wiki.mozilla.org/Security/Server_Side_TLS</a> to see which cipher suite you should be using on your server.<p>Above also shows how to configure most common web servers.<p>You can see which cipher suite your server is using at <a href="https://www.ssllabs.com/ssltest/" rel="nofollow">https://www.ssllabs.com/ssltest/</a>
OpenSSL has way too many options that reduce security. A lot of that legacy code needs to be removed outright. Not turned off by some flag, not controlled by some environment variable, <i>removed</i>.<p>(And then, when Rust settles down, OpenSSL needs to be rewritten in Rust, as cleanly as possible.)
I can't believe that they are outright naming vulnerable sites, that is really classless. Even if the data could be gathered by an attacker now that a vulnerability is known, you don't need to go the extra mile to provide it.
If you're using AWS Elastic Load Balancer, then the quick fix is:<p>1) Select the load balancer you want to edit
2) Click the "Listeners" tab
3) Click "change" under the "Cipher" column for the HTTPS row
4) Select the most recent pre-defined security policy, from 2015-02.<p>This should get you an A on SSL Lab's test[1]<p><a href="https://www.ssllabs.com/ssltest/" rel="nofollow">https://www.ssllabs.com/ssltest/</a>
Is there an easy way to check our own servers? I can see the fix is to add !EXPORT to the end of the cipher list, but how do we check that the server requires the fix?<p>Really disappointed with this announcement. Some of the other named exploits have come with repro instructions and usually with a fix (shellshock notwithstanding). This is just a description and a shame list.
That page has a meta description for a different vulnerability:
<meta name="description" content="POODLE Attack and SSLv3 Support Measurement" />
<a href="https://freakattack.com/clienttest.html" rel="nofollow">https://freakattack.com/clienttest.html</a><p>I just tested my devices. Linux machines running firefox all passed. On the other hand my Android phone did not, lots of RSA_EXPORT ciphers accepted.<p>But as with nearly every security story: linux/foss software for the WIN!
<a href="http://undeadly.org/cgi?action=article&sid=20150304092744" rel="nofollow">http://undeadly.org/cgi?action=article&sid=20150304092744</a><p>The following CVEs did not apply to LibreSSL:
...
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA<p>Don't forget: <a href="http://www.openbsdfoundation.org/" rel="nofollow">http://www.openbsdfoundation.org/</a>
To me the whole idea of negotiating ciphers seems broken: a man-in-the-middle will always choose the weakest one.<p>I guess the argument is that cipher negotiation lets you implement stronger crypto without defining a new protocol version, but what is the point of that? An attacker will just negotiate for the weaker cipher anyway (unless this negotiation is cryptographically protected too of course, but this seems so complex in comparison with the rather meaningless "goal" of cipher negotiation).
Here's how I've been testing this:<p>openssl s_client -cipher EXPORT -connect www.example.com:443<p>SSL Labs hasn't listed this vulnerability explicitly yet, but the test seems pretty simple.
It's interesting to me that Firefox is supposedly not vulnerable, yet on both my laptop (Windows 8.1, Firefox 36) and my desktop (Windows 7, Firefox 36) the website (freakattack.com) says I AM vulnerable?<p>"Warning! Your client is vulnerable to CVE-2015-0204. Even though your client doesn't offer any RSA EXPORT suites, it can still be tricked into using one of them. We encourage you to upgrade your client. "
I've recently been running Hiawatha servers with PolarSSL (recently renamed something else). I have avoided all the most recent bugs.<p><a href="https://tls.mbed.org/" rel="nofollow">https://tls.mbed.org/</a>
Breakdown of FREAK sites (Alexa Top 1M) by country.<p><a href="https://infogr.am/https_sites_that_support_rsa_export_suites" rel="nofollow">https://infogr.am/https_sites_that_support_rsa_export_suites</a>
If you want to check your domains/servers, not just your clients, I updated a cipher verification script to just test Export (EXP) ciphers via openssl: <a href="https://gist.github.com/degan/70e8059507d173751294" rel="nofollow">https://gist.github.com/degan/70e8059507d173751294</a>
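The server-side check that several comments above ask for (the "how do we check that the server requires the fix?" question, the <code>openssl s_client -cipher EXPORT</code> one-liner, and the gist that wraps it) depends on the local OpenSSL build still containing the export suites, which current builds have removed. The following is an added example, not code from any commenter or from freakattack.com: it hand-builds a TLS ClientHello that offers only the three RSA_EXPORT suites, sends it, and classifies the first record the server returns. A ServerHello choosing one of those suites means the server will do a 512-bit RSA key exchange; an alert (normally handshake_failure, description 40) means it refuses them. The cipher suite values and record layouts are from the TLS 1.0 specification and cipher suite registry; the hostname in the usage line and the constructed byte strings in the test are assumptions.

```python
import os
import socket
import struct
import sys

# RSA_EXPORT cipher suites from the TLS cipher suite registry: the 512-bit
# RSA key exchange that FREAK (CVE-2015-0204) downgrades a client into.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def build_client_hello(server_name, suites=RSA_EXPORT_SUITES, version=(3, 1)):
    """Return one TLS record carrying a ClientHello that offers only `suites`.

    version (3, 1) is TLS 1.0, which a server that still speaks export suites
    will accept; pass (3, 3) to retry as TLS 1.2.  Whatever the server picks
    from this hello is by construction an RSA_EXPORT suite.
    """
    ver = bytes(version)
    client_random = b"\x00\x00\x00\x00" + os.urandom(28)  # gmt_unix_time + 28 random bytes
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    # server_name extension (type 0) so name-based virtual hosts answer for this host
    host = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type host_name(0)
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data
    body = (
        ver + client_random
        + b"\x00"                                                # session_id length 0
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                            # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType client_hello
    return b"\x16" + ver + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def classify_response(data):
    """Classify the first TLS record a server returned for our ClientHello.

    Returns (status, detail) with status one of:
      'accepted' - ServerHello selected an RSA_EXPORT suite: FREAK-exposed server
      'refused'  - server sent an alert (normally handshake_failure, description 40)
      'unknown'  - truncated or unexpected reply; detail says why
    """
    if len(data) < 5:
        return ("unknown", "short read (%d bytes)" % len(data))
    content_type = data[0]
    record_len = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + record_len]
    if content_type == 0x15 and len(payload) >= 2:                        # alert
        return ("refused", "alert level=%d description=%d" % (payload[0], payload[1]))
    if content_type == 0x16 and len(payload) >= 39 and payload[0] == 0x02:  # server_hello
        # type(1) length(3) version(2) random(32) session_id_len(1) session_id cipher_suite(2)
        sid_len = payload[38]
        if len(payload) < 41 + sid_len:
            return ("unknown", "truncated ServerHello")
        suite = struct.unpack("!H", payload[39 + sid_len:41 + sid_len])[0]
        name = RSA_EXPORT_SUITES.get(suite)
        if name is not None:
            return ("accepted", name)
        return ("unknown", "server chose 0x%04x, which we never offered" % suite)
    return ("unknown", "unexpected content type %d" % content_type)


def _recv_exact(sock, n):
    """Read exactly n bytes (or fewer on EOF); a record may span several recv() calls."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(host, port=443, version=(3, 1), timeout=5.0):
    """Connect, send the RSA_EXPORT-only ClientHello, read one record, classify it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host, version=version))
        header = _recv_exact(sock, 5)
        if len(header) < 5:
            return classify_response(header)
        body = _recv_exact(sock, struct.unpack("!H", header[3:5])[0])
    return classify_response(header + body)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"  # assumed hostname
    print(target, *probe(target))
```

Run it as <code>python3 freak_probe.py your.host.example</code>. "refused" with description 40 is the answer you want after adding <code>!EXPORT</code> to the cipher list; description 70 (protocol_version) means the server rejected the TLS 1.0 version field rather than the suites, so retry with <code>probe(host, version=(3, 3))</code>. This checks only the server half of FREAK: a downgrade still needs a client that can be tricked into finishing the handshake with the 512-bit key, which is what freakattack.com's client test covers.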
This is a very disappointing trend in security. Publicly shaming sites into action is not a benefit that outweighs making it easier for attackers. It's ridiculous to argue that it is.
freakattack.com is an IP owned and managed by the University of Michigan. I could not visit the site due to them being in my firewall's ban list caused by unauthorized vulnerability testing against my home network.<p>As an aside I wonder why our tax dollars are being used to support unauthorized vulnerability attempts and for hosting a .com commercial site?<p>Is it legal for the person/people operating freakattack.com to use US Tax Income to fund their own commercial efforts using University resources? I didn't graduate college, maybe it's legal for them to do this?