[gnutls-devel] GnuTLS + FREAK
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Mar 6 11:29:24 CET 2015
There was a new attack against a few SSL/TLS implementations called
FREAK [0]. This attack relies on being able to modify the client's
state machine and switch it from RSA to RSA-EXPORT. Such an attack is
not possible in the way the GnuTLS state machine operates, and
moreover modern versions of GnuTLS don't support RSA-EXPORT. Support
for EXPORT ciphersuites was removed back in 2013 [1]. So as it is now,
this attack doesn't affect GnuTLS clients or servers.
regards,
Nikos
[0]. https://freakattack.com/
[1]. https://gitlab.com/gnutls/gnutls/blob/master/NEWS#L768
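
The state-machine property described in the message above, as an added example that is not GnuTLS code and not part of the original post: a client that derives the next expected handshake message from the negotiated suite rejects a ServerKeyExchange under plain RSA, and rejects a suite it never offered. All type and function names are illustrative assumptions; the two suite IDs are the IANA-registered values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Key-exchange classes, reduced to the two this thread discusses (illustrative names). */
typedef enum { KX_RSA, KX_RSA_EXPORT } kx_t;

/* Handshake messages the client may see after ServerHello and Certificate. */
typedef enum { MSG_SERVER_KEY_EXCHANGE, MSG_SERVER_HELLO_DONE } hs_msg_t;

typedef struct {
    const uint16_t *offered;   /* cipher suite IDs sent in ClientHello */
    size_t n_offered;
    uint16_t selected;         /* suite ID taken from ServerHello */
    kx_t kx;                   /* key exchange implied by the selected suite */
} client_state_t;

/* IANA suite IDs: TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_EXPORT_WITH_RC4_40_MD5. */
enum { SUITE_RSA_AES128_SHA = 0x002F, SUITE_RSA_EXPORT_RC4_40_MD5 = 0x0003 };

/* Step 1: the server may only select a suite the client actually offered. */
bool accept_server_hello(client_state_t *st, uint16_t suite)
{
    for (size_t i = 0; i < st->n_offered; i++) {
        if (st->offered[i] == suite) {
            st->selected = suite;
            st->kx = (suite == SUITE_RSA_EXPORT_RC4_40_MD5) ? KX_RSA_EXPORT : KX_RSA;
            return true;
        }
    }
    return false; /* unoffered suite: abort the handshake */
}

/* Step 2: with plain RSA key exchange a ServerKeyExchange is not a legal
 * message, so a temporary export-grade RSA key can never replace the
 * certificate key. The expected message depends only on the negotiated suite. */
bool accept_next_message(const client_state_t *st, hs_msg_t msg)
{
    switch (st->kx) {
    case KX_RSA:
        return msg == MSG_SERVER_HELLO_DONE;
    case KX_RSA_EXPORT:
        return msg == MSG_SERVER_KEY_EXCHANGE || msg == MSG_SERVER_HELLO_DONE;
    }
    return false;
}
```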