New FREAK SSL Attack CVE-2015-0204

Emmanuel Dreyfus manu at netbsd.org
Wed Mar 4 16:53:10 UTC 2015


On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
> Thank you for the answer.
> The "!EXPORT" part is included in "ECDH@STRENGTH:DH@STRENGTH:HIGH", or it
> must be added as well?

This is not the cipher list I sent. It was:
ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

Mine does not contain any export cipher, yours does.
You can use openssl ciphers to compare cipher lists:

$ openssl ciphers EXPORT |tr ':' '\n' |sort > export
$ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL \
  |tr ':' '\n' |sort > manu
$ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH |tr ':' '\n' |sort > adrian
$ join export manu
(nothing)
$ join export adrian
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA


-- 
Emmanuel Dreyfus
manu at netbsd.org
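
The comparison in the message above, as an added example that is not part of the original e-mail: it flags weak suites in an already expanded cipher list by name, so it also works where the local openssl no longer knows the EXPORT keyword. The names flag_weak, audit_string and WEAK_RE and both sample lists are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Sample lists are constructed excerpts, not full `openssl ciphers` output.
SAMPLE_ADRIAN='ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES128-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-ADH-RC4-MD5:EXP-ADH-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA'
SAMPLE_MANU='ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA'

# Suite-name patterns for what the message's list excludes, plus EXPORT:
#   EXP-*            export-grade suites
#   RC4, NULL        !RC4, !eNULL
#   *-MD5            !MD5
#   DES-CBC-*        !DES (single DES only; DES-CBC3 is 3DES and is not matched)
#   ADH-*, AECDH-*   !aNULL (anonymous key exchange)
WEAK_RE='^EXP-|(^|-)(RC4|NULL)(-|$)|-MD5$|(^|-)DES-CBC-|(^|-)(ADH|AECDH)-'

# flag_weak LIST: LIST is a colon-separated expanded cipher list.
# Prints the weak suite names, sorted, one per line; prints nothing if clean.
flag_weak() {
    printf '%s\n' "$1" | tr ':' '\n' | LC_ALL=C sort -u |
        grep -E -e "$WEAK_RE" || true
}

# audit_string STRING: expand a cipher string with the local openssl, then flag.
# Returns 0 if clean, 1 if weak suites were printed, 2 if openssl rejects STRING.
audit_string() {
    expanded=$(openssl ciphers "$1" 2>/dev/null) || return 2
    weak=$(flag_weak "$expanded")
    [ -z "$weak" ] && return 0
    printf '%s\n' "$weak"
    return 1
}

if [ "$#" -gt 0 ]; then
    # e.g. sh audit.sh 'ECDH@STRENGTH:DH@STRENGTH:HIGH'
    audit_string "$1"
else
    echo "adrian sample:"; flag_weak "$SAMPLE_ADRIAN"
    echo "manu sample:";   flag_weak "$SAMPLE_MANU"
fi
```

Pass the cipher string in single quotes: an unquoted "!" triggers history expansion in interactive bash.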

