CVE-2015-0204 - "Freak" attack - weak "EXPORT" grade keys

Hello,

I have tested a few UCS with the standard self-produced cert using:

openssl s_client -connect your.UCS.TLD:443 -cipher EXPORT

And it seems like the “RSA-to-EXPORT_RSA downgrade” is possible even with the latest UCS PL 4.0-1. I know the impact is limited, given by the complexity needed for a successful attack. Still, I think the “EXPORT”-grade keys should be disabled asap.
Is this possible with a simple patch for UCS, or do we have to re-issue the certificate?

Best regards,
TP

Hello,

this has been fixed on 01/13 with:
[ul]
[li]Univention Corporate Server 4.0 erratum 27[/li]
[li]Univention Corporate Server 3.2 erratum 272[/li][/ul]

We did not disable the RSA_EXPORT ciphers yet but fixed the actual exploit through which it is possible to force openssl to use/accept an weak export cipher even if it was not requested by the client.

Regards,
Janis Meybohm

Hello,

that’s gread news! Again everything is fixed “automagically” with UCS.

Thanks and best regards,
TP