Rule from ssl under security category
The vulnerability dates back to the 1990s, when the US government banned the export of cryptographic software unless it used export cipher suites, which limited encryption keys to at most 512 bits.
The attack uses the fact that some modern browser clients had (and, on older versions, still have) a bug that caused them to accept an export-grade RSA key even when they had not requested or advertised support for export cipher suites. This allows an attacker to downgrade the security level of a connection, provided that the client is vulnerable and the server supports export RSA.
Upgrade OpenSSL on the server and exclude the EXPORT cipher suites; a starting point for a list of safe ciphers would be:
Take note of the !EXPORT keyword, which disables export-grade RSA.
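As an added illustration of the check above (example code, not part of the Passmarked rule), the following Python snippet asks the local OpenSSL library which suites a candidate cipher string actually selects and flags any export-grade or sub-128-bit ones. The cipher string HIGH:!aNULL:!EXPORT and the 128-bit threshold are this example's assumptions, not the page's own list.

```python
import ssl

# Threshold is this example's assumption: anything under 128 bits of
# symmetric strength is treated as too weak for a modern TLS configuration.
MIN_STRENGTH_BITS = 128


def expand_cipher_string(cipher_string):
    """Ask the local OpenSSL library which suites a cipher string selects.

    Returns a list of dicts (name, protocol, strength_bits, ...). An empty
    list means OpenSSL could select nothing, which is how builds that no
    longer ship export-grade suites respond to a string such as "EXPORT".
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return ctx.get_ciphers()


def audit_cipher_string(cipher_string):
    """Flag export-grade (EXP-*) and low-strength suites in a cipher string."""
    suites = expand_cipher_string(cipher_string)
    export = [s["name"] for s in suites if s["name"].startswith("EXP")]
    weak = [s["name"] for s in suites if s["strength_bits"] < MIN_STRENGTH_BITS]
    return {
        "selected": len(suites),
        "export": export,
        "weak": weak,
        # An empty selection also fails: the server could negotiate nothing.
        "ok": bool(suites) and not export and not weak,
    }


if __name__ == "__main__":
    # Assumed hardened string from the rule's advice vs. an export-only string.
    for candidate in ("HIGH:!aNULL:!EXPORT", "EXPORT"):
        print(candidate, "->", audit_cipher_string(candidate))
```

Run it on the server's actual cipher string (from the web server or OpenSSL config) to confirm that the EXPORT exclusion leaves no EXP-* suite selectable.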