Hi All, I have following two queries, 1. When I specify option -cipher EXPORT in the s_client command, it says connected and cipher changed new cipher EXP-EDH-RSA-DES-CBC-SHA. If I am not requesting -cipher of EXPORT type then it returns DHE-RSA-AES256-SHA Here, when I request cipher of type EXPORT, then new cipher EXP-EDH-RSA-DES-CBC-SHA accepted by client. It means my openSSL is Vulnerable? 2. From many post I have understood that if webserver uses vulnerable openSSL version (0.9.x version previous of 0.9.8zd) for https service, they are vulnerable to Middle Man Attack. Here, if FTP server uses vulnerble openSSL version (0.9.x version previous of 0.9.8zd), is FTP over openSSL service also vulnerable to Middle Man Attack? Please let me know the answer for queries. It will be helpful for me to understand this threat. Thank you, Vikas -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150828/6e843ff7/attachment.html>
