Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SSL:AUDIT:EXPORT-GRADE-CIPHER |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Category |
SSL |
Keywords |
SSL Export Grade Ciphersuite Server Negotiation Attempt |
Release Date |
2018/06/05 |
Update Number |
3070 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SSL: SSL Export Grade Ciphersuite Server Negotiation Attempt
This signature detects an export grade ciphersuite server negotiation attempt. This export-grade cryptography includes out-of-date encryption key lengths that can then easily be decrypted.
Extended Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Affected Products
- Openssl openssl 0.9.8zc
- Openssl openssl 1.0.0a
- Openssl openssl 1.0.0b
- Openssl openssl 1.0.0c
- Openssl openssl 1.0.0d
- Openssl openssl 1.0.0e
- Openssl openssl 1.0.0f
- Openssl openssl 1.0.0g
- Openssl openssl 1.0.0h
- Openssl openssl 1.0.0i
- Openssl openssl 1.0.0j
- Openssl openssl 1.0.0k
- Openssl openssl 1.0.0l
- Openssl openssl 1.0.0m
- Openssl openssl 1.0.0n
- Openssl openssl 1.0.0o
- Openssl openssl 1.0.1a
- Openssl openssl 1.0.1b
- Openssl openssl 1.0.1c
- Openssl openssl 1.0.1d
- Openssl openssl 1.0.1e
- Openssl openssl 1.0.1f
- Openssl openssl 1.0.1g
- Openssl openssl 1.0.1h
- Openssl openssl 1.0.1i
- Openssl openssl 1.0.1j
References
- CVE: CVE-2015-4000
- CVE: CVE-2015-1637
- CVE: CVE-2015-0204