RSA silently downgraded to EXPORT_RSA [client]

Hi All,

I have the following two queries:

1. When I specify the option -cipher EXPORT in the s_client command, it says
connected and the cipher changed to the new cipher EXP-EDH-RSA-DES-CBC-SHA.
If I do not request a -cipher of EXPORT type, then it returns
DHE-RSA-AES256-SHA.

Here, when I request a cipher of type EXPORT, the new cipher
EXP-EDH-RSA-DES-CBC-SHA is accepted by the client. Does it mean my OpenSSL
is vulnerable?

2. From many posts I have understood that if a web server uses a vulnerable
OpenSSL version (a 0.9.x version previous to 0.9.8zd) for its HTTPS service,
it is vulnerable to a man-in-the-middle attack.

Here, if an FTP server uses a vulnerable OpenSSL version (a 0.9.x version
previous to 0.9.8zd), is the FTP over OpenSSL service also vulnerable to a
man-in-the-middle attack?

Please let me know the answers to these queries. It will be helpful for me
to understand this threat.
Thank you,
Vikas
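
Added example, not part of the original message: a shell helper that compares saved output from the two s_client runs described above (default cipher list versus -cipher EXPORT) and separates "an export suite was negotiated because it was explicitly offered" from "an export suite was negotiated without being requested". The function names and both sample transcripts are constructed here; only the cipher names come from the message.

```bash
#!/bin/sh
# Constructed sample transcripts: only the "New, ..." summary line of
# `openssl s_client` output is kept. Cipher names are those in the message.
DEFAULT_RUN='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'
EXPORT_RUN='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA'

# Read s_client output on stdin and print the negotiated suite name.
# A failed handshake is reported by s_client as "(NONE)".
negotiated_cipher() {
    sed -n 's/^New, .*Cipher is \([^[:space:]]*\).*$/\1/p' | head -n 1
}

# OpenSSL names export-grade suites with an EXP prefix (EXP-..., EXP1024-...).
is_export() {
    case "$1" in
        EXP*) return 0 ;;
        *)    return 1 ;;
    esac
}

# $1 = transcript of a run with the default cipher list
# $2 = transcript of a run made with -cipher EXPORT
assess() {
    a_default=$(printf '%s\n' "$1" | negotiated_cipher)
    a_export=$(printf '%s\n' "$2" | negotiated_cipher)
    if is_export "$a_default"; then
        # Export suite chosen although the client did not restrict itself to it.
        echo "export-without-request:$a_default"
    elif is_export "$a_export"; then
        # Server accepts export suites when a client offers only those.
        echo "server-accepts-export:$a_export"
    else
        # Includes the case where the EXPORT-only handshake failed.
        echo "no-export"
    fi
}

assess "$DEFAULT_RUN" "$EXPORT_RUN"
```

The second result only shows that the server still accepts export suites and that the client build has them enabled; it is a different observation from a client ending up with an export suite it never offered.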