NetTalk Central

NetTalk Web Server => Web Server - Share Knowledge => Topic started by: Bruce on March 04, 2015, 06:35:21 AM

Title: Security alert : FREAK bug
Post by: Bruce on March 04, 2015, 06:35:21 AM
Just a quick update for those paying attention to SSL errors;

A new bug called FREAK has been reported. It attacks servers that allow
EXPORT level ciphers for SSL. EXPORT ciphers are very weak (by design) but
some servers still offer them as a viable option when making an SSL
connection.

Summary;

If you are using NetTalk 5.30 or later, and you haven't specifically changed
the .CiphersAllowed property, then this does not affect you.

Longer version;
The levels of SSL are discussed here;
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1023.0
Specifically the issue with FREAK is the CiphersAllowed property. NetTalk
has included !EXPORT (meaning EXPORT ciphers are explicitly not allowed) in
the default value of this property for a long time now - since at least
version 5.30.

<plug> So once again NetTalk users are safe because it's designed not to
rely on each programmer to get the security right. We default to secure, and
we often tweak the defaults to make things more and more secure. As long as
you stay up to date you benefit from that. </plug>

A good way to test your site to see if it is vulnerable is to use the online
service at
https://www.ssllabs.com/ssltest/

We'll likely chat about this a bit more during the User Group webinar on
Thursday.

Cheers
Bruce
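
A check of a CiphersAllowed value for the !EXPORT exclusion described in the post above, as an added example that is not part of the original thread or NetTalk's own code. It assumes the property holds an OpenSSL-format cipher string; the function name `audit_export` and the sample strings are constructed for illustration.

```python
import re

EXPORT_ALL = {"EXP", "EXPORT"}             # keywords covering every export suite
EXPORT_SUBSETS = {"EXPORT40", "EXPORT56"}  # 40-bit and 56-bit export subsets
NO_EXPORT = {"HIGH", "MEDIUM", "LOW"}      # strength classes without export suites


def audit_export(cipher_string):
    """Classify a cipher string as 'blocked', 'enabled', 'possible' or 'absent'
    with respect to EXPORT-grade suites."""
    blocked = set()   # subsets permanently removed with '!'
    added = set()     # subsets added by keyword or by EXP-* suite name
    broad = False     # a broad keyword (ALL, RSA, ...) may pull export suites in
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok or tok.startswith("@"):       # @STRENGTH only reorders
            continue
        op = tok[0] if tok[0] in "!-+" else ""
        body = tok[len(op):]
        parts = set(body.split("+"))             # '+' inside a token is a logical AND
        hits = parts & (EXPORT_ALL | EXPORT_SUBSETS)
        if op in ("!", "-"):
            if len(parts) == 1 and hits:         # '!EXPORT+RSA' removes only a subset
                removed = EXPORT_SUBSETS if hits & EXPORT_ALL else hits
                if op == "!":
                    blocked |= removed           # can never be re-added
                else:
                    added -= removed             # soft removal; later tokens may re-add
                    broad = broad and removed != EXPORT_SUBSETS
        elif op == "":
            if hits or body.startswith("EXP"):
                added |= (hits & EXPORT_SUBSETS) or EXPORT_SUBSETS
            elif "-" not in body and not parts & NO_EXPORT:
                broad = True
        # op == "+" only moves suites already in the list to the end
    if blocked >= EXPORT_SUBSETS:
        return "blocked"
    if added - blocked:
        return "enabled"
    return "possible" if broad else "absent"


# Constructed sample values, not NetTalk defaults.
SAMPLES = ["HIGH:MEDIUM:!EXPORT:!aNULL", "ALL:!aNULL:!eNULL", "ALL:!EXPORT40",
           "ALL:-EXPORT:EXP-RC4-MD5", "HIGH:MEDIUM"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{audit_export(s):9} {s}")
```

Only "blocked" corresponds to the !EXPORT default the post describes; "possible" means the result depends on which suites the OpenSSL build in use still ships.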

Title: Re: Security alert : FREAK bug
Post by: urayoan on March 04, 2015, 07:44:46 AM
Good to know Bruce. Thanks.

Title: Re: Security alert : FREAK bug
Post by: broche on November 24, 2015, 11:55:45 AM
Just went to the Qualys Blog site and ran the security check on a few customers.
Got a little scared when the result was an F. Says due to OpenSSL CCS Vulnerability.
I have no idea what most of this stuff is?

Any pointers would be helpful.