New FREAK SSL Attack CVE-2015-0204

[Adrian Minta]

On 04.03.2015 18:53, Emmanuel Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
>> Thank you for the answer.
>> The "!EXPORT" part is included in "ECDH at STRENGTH:DH at STRENGTH:HIGH", or it
>> must be added as well ?
> This is not the cipher list I sent. It was:
> ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL
>
> Mine does not contain any export cipher, yours does.
> You can use openssl ciphers to compare cipher lists:
>
> $ openssl ciphers EXPORT|tr ':' '\n' |sort > export
> $ openssl ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL \
>    |tr ':' '\n' |sort> manu
> $ openssl ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH |tr ':' '\n' |sort > adrian
> $ join export manu
> (nothing)
> $ join export adrian
> EXP-ADH-DES-CBC-SHA
> EXP-ADH-RC4-MD5
> EXP-EDH-DSS-DES-CBC-SHA
> EXP-EDH-RSA-DES-CBC-SHA
>
>
I was using 
HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 in apache.
You are using 
ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL for dovecot.

I didn't know how to compare both settings. Now I know, and I see that 
my "!EXPORT" part is covered by your "ECDH at STRENGTH:DH at STRENGTH:HIGH" part.

$openssl ciphers 
HIGH:MEDIUM:\!aNULL:\!eNULL:\!EXPORT:\!CAMELLIA:\!DES:\!MD5:\!PSK:\!RC4 
| tr ':' '\n' |sort > /tmp/adrian
$openssl ciphers 
ECDH at STRENGTH:DH at STRENGTH:HIGH:\!RC4:\!MD5:\!DES:\!aNULL:\!eNULL | tr 
':' '\n' |sort > /tmp/manu
$diff adrian manu
  6a7,8
  > CAMELLIA128-SHA
  > CAMELLIA256-SHA
  13a16,17
  > DHE-DSS-CAMELLIA128-SHA
  > DHE-DSS-CAMELLIA256-SHA
  20a25,26
  > DHE-RSA-CAMELLIA128-SHA
  > DHE-RSA-CAMELLIA256-SHA
  52c58,60
  < SEED-SHA
  ---
  > PSK-3DES-EDE-CBC-SHA
  > PSK-AES128-CBC-SHA
  > PSK-AES256-CBC-SHA

The main difference is the support for CAMELLIA and PSK. Unfortunately I 
don't now enough to say if is good or bad to support any of those two.


Thank you !

-- 
Best regards,
Adrian Minta