Recently a security vulnerability, dubbed “FREAK Attack” was reported that affects certain versions of OpenSSL, the popular open source encryption library which is used in many server products such as Apache. Specifically, the ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA […]
↧
