[gnutls-devel] GnuTLS + FREAK

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Mar 6 11:29:24 CET 2015


There was a new attack against a few SSL/TLS implementations called
FREAK [0]. This attack relies on being able to modify the client's
state machine and switch it from RSA to RSA-EXPORT. Such an attack is
not possible in the way the GnuTLS state machine operates, and
moreover modern versions of GnuTLS don't support RSA-EXPORT. Support
for EXPORT ciphersuites was removed back in 2013 [1]. So as it is now,
this attack doesn't affect GnuTLS clients or servers.

regards,
Nikos

[0]. https://freakattack.com/
[1]. https://gitlab.com/gnutls/gnutls/blob/master/NEWS#L768


