The FREAK attack (export cipher suites supported)

Description

The FREAK attack is a new SSL/TLS vulnerability that allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use 'export-grade' cryptography, which can then be decrypted or altered. Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk to having HTTPS connections intercepted.

Remediation

Reconfigure the affected SSL/TLS server to disable support for any export suites. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers.

References