最近收到一个安全漏洞:SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
THREAT:
The remote SSL/TLS server is vulnerable to FREAK attack when:
1.The "RSA+EXPORT" ciphers are supported;
2.The size of the RSA public key in certificate is stronger than 1024;
3.The temporary RSA key size is less than 1024;
4.The temporary RSA key is stable(used multiple times);
Only SSLv3 and TLSv1 are potentially vulnerable
IMPACT:
Exploitation allows an attacker to bypass security restrictions on the targeted host.
SOLUTION:
Disable RSA_EXPORT cipher suites.
Do not use temporary RSA key multiple times
根据上面的解决方法:
第一个isable RSA_EXPORT cipher suites.已经解决。但是第二个“Do not use temporary RSA key multiple times”不知道怎么配置,求大神帮忙给出具体的配置方法,谢谢啦
