RSA silently downgraded to EXPORT_RSA [client]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

RSA silently downgraded to EXPORT_RSA [client]


Hi All,

I have following two queries,

1. When I specify option -cipher EXPORT in the s_client command, it says connected and cipher changed new cipher EXP-EDH-RSA-DES-CBC-SHA. If I am not requesting -cipher of EXPORT type then it returns DHE-RSA-AES256-SHA

Here, when I request cipher of type EXPORT, then new cipher EXP-EDH-RSA-DES-CBC-SHA accepted by client. It means my openSSL is Vulnerable?

2. From many post I have understood that if webserver uses vulnerable openSSL version (0.9.x version previous of 0.9.8zd) for https service, they are vulnerable to Middle Man Attack.

Here, if FTP server uses vulnerble openSSL version (0.9.x version previous of 0.9.8zd), is FTP over openSSL service also vulnerable to Middle Man Attack?

Please let me know the answer for queries. It will be helpful for me to understand this threat.
Thank you,

openssl-users mailing list
To unsubscribe: