NetTalk Central

Author Topic: Security alert : FREAK bug  (Read 4265 times)

Bruce

  • Global Moderator
  • Hero Member
Security alert : FREAK bug
« on: March 04, 2015, 06:35:21 AM »
Just a quick update for those paying attention to SSL errors;

A new bug called FREAK has been reported. It attacks servers that allow
EXPORT level ciphers for SSL. EXPORT ciphers are very weak (by design) but
some servers still offer them as a viable option when making an SSL
connection.

Summary;

If you are using NetTalk 5.30 or later, and you haven't specifically changed
the .CiphersAllowed property, then this does not affect you.

Longer version;
The levels of SSL are discussed here;
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1023.0
Specifically the issue with FREAK is the CiphersAllowed property. NetTalk
has included !EXPORT (meaning EXPORT ciphers are explicitly not allowed) in
the default value of this property for a long time now - since at least
version 5.30.

<plug> So once again NetTalk users are safe because it's designed not to
rely on each programmer to get the security right. We default to secure, and
we often tweak the defaults to make things more and more secure. As long as
you stay up to date you benefit from that. </plug>

A good way to test your site to see if it is vulnerable is to use the online
service at
https://www.ssllabs.com/ssltest/

We'll likely chat about this a bit more during the User Group webinar on
Thursday.

Cheers
Bruce
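
An added example, not part of the post above and not NetTalk code: a Python check of whether a cipher string rules out EXPORT suites. It assumes the .CiphersAllowed value follows the OpenSSL cipher-list syntax, as the !EXPORT notation suggests; the function name and sample strings are constructed for illustration.

```python
import re

# Keywords that select only export-grade suites in OpenSSL cipher-list syntax.
EXPORT_ALL = {"EXPORT", "EXP"}
EXPORT_PARTS = {"EXPORT40", "EXPORT56"}


def audit_cipher_string(cipher_string):
    """Return 'excluded', 'removable' or 'not-excluded' for export suites.

    excluded     -- banned with '!', so no later keyword can re-add them
    removable    -- only dropped with '-', and nothing after it adds suites
    not-excluded -- the string does not reliably rule export suites out
    """
    banned = set()        # keywords removed permanently with '!'
    soft_removed = False  # True while a '-EXPORT' / '-EXP' is still in effect
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token.startswith("@"):
            continue      # @STRENGTH and similar directives add no suites
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        if op == "!":
            banned.add(name)      # a compound like EXPORT+RSA bans only a subset
        elif op == "-":
            if name in EXPORT_ALL:
                soft_removed = True
        elif op == "":
            soft_removed = False  # an additive keyword may bring suites back
        # op == "+" only reorders suites already in the list
    if banned & EXPORT_ALL or EXPORT_PARTS <= banned:
        return "excluded"
    return "removable" if soft_removed else "not-excluded"


# Constructed sample values, not NetTalk's actual defaults.
SAMPLES = [
    "ALL:!EXPORT:!aNULL",
    "ALL:!EXPORT40:!EXPORT56",
    "ALL:-EXP",
    "ALL:-EXPORT:RSA",
    "ALL:!EXPORT+RSA",
    "ALL:!aNULL",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{audit_cipher_string(sample):13} {sample}")
```

The check is conservative: any additive keyword after a `-EXPORT` is treated as able to re-add export suites, so only a `!` exclusion is reported as `excluded`.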


urayoan

  • Full Member
Re: Security alert : FREAK bug
« Reply #1 on: March 04, 2015, 07:44:46 AM »
Good to know Bruce. Thanks.

broche

  • Sr. Member
Re: Security alert : FREAK bug
« Reply #2 on: November 24, 2015, 11:55:45 AM »
Just went to the Qualys Blog site and ran the security check on a few customers.
Got a little scared when the result was an F.  Says due to OPEN SSL CCS Vulnerability.
I have no idea what most of this stuff is.

Any pointers would be helpful.

Brian