Hello,

-----------------------------------------------------------------------------------
Does LibreSSL support RSA export-grade keys? - FREAK Attack

"Apple's SecureTransport and OpenSSL -- have a bug in them. This bug causes them to accept RSA export-grade keys *even when the client didn't ask for export-grade RSA.* The impact of this bug can be quite nasty: it admits a 'man in the middle' attack whereby an active attacker can force down the quality of a connection, provided that the client is vulnerable *and* the server supports export RSA.

The MITM attack works as follows:

1. In the client's Hello message, it asks for a standard 'RSA' ciphersuite.
2. The MITM attacker changes this message to ask for 'export RSA'.
3. The server responds with a 512-bit export RSA key, signed with its long-term key.
4. The client accepts this weak key due to the OpenSSL/SecureTransport bug.
5. The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
6. When the client encrypts the 'pre-master secret' to the server, the attacker can now decrypt it to recover the TLS 'master secret'.
7. From here on out, the attacker sees plaintext and can inject anything it wants."

http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

-->> UPDATE: http://undeadly.org/cgi?action=article&sid=20150304092744

The following CVEs did not apply to LibreSSL:
...
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA

Why doesn't it apply? The US Export cyphers were removed? :)

-----------------------------------------------------------------------------------
Couldn't LibreSSL only have HIGH ciphers and only PFS? All others should be removed, no?

openssl ciphers HIGH
-----------------------------------------------------------------------------------

Thanks,

http://www.openbsdfoundation.org/
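The client-side acceptance decision from step 4 of the quoted attack description, as an added C illustration that is not part of the original message and is not OpenSSL or LibreSSL source. The struct, function names and sample values are constructed for this example; only the two ciphersuite code points are the IANA-registered ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the check; names below are hypothetical. */
#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002F  /* standard RSA key exchange */
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003  /* export RSA key exchange   */

struct server_flight {   /* what the client sees coming back */
    uint16_t suite;      /* ciphersuite the handshake is running */
    int cert_bits;       /* long-term RSA key in the certificate */
    int temp_bits;       /* temporary RSA key, 0 if none was sent */
};

/* Constructed samples: the client asked for standard RSA only. */
static const uint16_t HELLO[] = { TLS_RSA_WITH_AES_128_CBC_SHA };
static const struct server_flight TAMPERED = { TLS_RSA_WITH_AES_128_CBC_SHA, 2048, 512 };
static const struct server_flight HONEST   = { TLS_RSA_WITH_AES_128_CBC_SHA, 2048, 0 };

static bool offered(const uint16_t *list, size_t n, uint16_t suite)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == suite) return true;
    return false;
}

/* Returns the size in bits of the RSA key the client will encrypt the
 * pre-master secret to, or -1 if the client aborts the handshake.
 * strict=false models the bug in step 4; strict=true models a client that
 * accepts a temporary RSA key only under an export suite it asked for. */
int premaster_key_bits(const uint16_t *list, size_t n,
                       const struct server_flight *f, bool strict)
{
    if (!offered(list, n, f->suite))
        return -1;                 /* suite was never requested */
    if (f->temp_bits == 0)
        return f->cert_bits;       /* normal RSA key exchange */
    if (strict && f->suite != TLS_RSA_EXPORT_WITH_RC4_40_MD5)
        return -1;                 /* temporary key is out of place */
    return f->temp_bits;           /* weak key replaces the certificate key */
}

int main(void)
{
    printf("lenient client: %d\n", premaster_key_bits(HELLO, 1, &TAMPERED, false));
    printf("strict client:  %d\n", premaster_key_bits(HELLO, 1, &TAMPERED, true));
    return 0;
}
```

A client that never offers an export suite and applies the strict rule has no path on which a 512-bit key is accepted, which is the effect the question about keeping only HIGH ciphers is after.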