www.percona.com
2606:4700:10::ac43:89d
Public Scan
URL:
https://www.percona.com/blog/2015/03/05/test-cve-2015-0204-freak-ssl-security-flaw-affects/
Submission: On November 13 via manual from IL — Scanned from DE
Text Content
HOW TO TEST IF CVE-2015-0204 FREAK SSL SECURITY FLAW AFFECTS YOU

05 Mar 2015, by David Busby (2015-03-06T09:25:58-05:00)
Categories: MySQL, Security
Tags: client, CVE-2015-0204, David Busby, FREAK, MySQL, Primary, security, Server, SSL
1 Comment

The CVE-2015-0204 FREAK SSL vulnerability abuses intentionally weak "EXPORT" ciphers, which could be used to perform a transparent Man In The Middle attack. (We seem to be continually bombarded not only with SSL vulnerabilities but also with the need to give vulnerabilities increasingly odd names.)

IS YOUR SERVER VULNERABLE?

This can be tested using the following GIST

If the result is 0, the server is not providing the EXPORT cipher and as such is not vulnerable.

IS YOUR CLIENT VULNERABLE?

Point your client to https://oneiroi.co.uk:4443/test. If this returns "Vulnerable", then the client is vulnerable; if you get a connection error, your client should not be vulnerable. For example:

Vulnerable client:

    root@host:/tmp$ openssl version
    OpenSSL 1.0.1e 11 Feb 2013
    root@host:/tmp$ curl https://oneiroi.co.uk:4443/test -k
    Vulnerable
    root@host:/tmp$ openssl s_client -connect oneiroi.co.uk:4443
    CONNECTED(00000003)
    depth=0 C = XX, L = Default City, O = Default Company Ltd
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = XX, L = Default City, O = Default Company Ltd
    verify return:1
    ---
    Certificate chain
     0 s:/C=XX/L=Default City/O=Default Company Ltd
       i:/C=XX/L=Default City/O=Default Company Ltd
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIDVzCCAj+gAwIBAgIJANvTn7jl
    …

Non-vulnerable client:

    [root@3654e4df1cc2 bin]# curl https://oneiroi.co.uk:4443/test -k
    curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
    [root@3654e4df1cc2 bin]# openssl s_client -connect oneiroi.co.uk:4443
    CONNECTED(00000003)
    139942442694560:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
    …

In short, a vulnerable client will complete the connection, and a non-vulnerable client should present an SSL handshake failure error.

DIY

You can recreate this setup yourself:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem;
    openssl s_server -cipher EXPORT -accept 4443 -cert mycert.pem -HTTP;

IS MYSQL AFFECTED?

Some of the code per the POODLE Blog post can be re-purposed here.

    mysql -Bse "SHOW STATUS LIKE 'Ssl_cipher_list'" | sed 's/:/\n/g' | grep EXP | wc -l

A result of 0 means the MySQL instance does not support any of the EXPORT ciphers, and thus should not be vulnerable to this attack.

HOW ABOUT OTHER CLIENTS?

Most clients link against a separate library for SSL. There are exceptions, however: golang, for example, has its own implementation (http://golang.org/pkg/crypto/tls/), which partially implements the TLS 1.2 RFC. The following test code shows that golang does not appear to be affected.

    package main

    import (
        "crypto/tls"
        "fmt"
        "net/http"
    )

    func main() {
        // Default tls.Config: Go's own TLS stack decides which cipher suites to offer.
        tr := &http.Transport{
            TLSClientConfig:    &tls.Config{},
            DisableCompression: true,
        }
        client := &http.Client{Transport: tr}
        // The test server only accepts EXPORT ciphers, so an error here is the good outcome.
        resp, err := client.Get("https://oneiroi.co.uk:4443/test")
        fmt.Println(err)
        fmt.Println(resp)
    }

Output:

    Get https://oneiroi.co.uk:4443/test: remote error: handshake failure

SSLLABS

Qualys's SSLLabs now have a test available here: https://dev.ssllabs.com/ssltest/viewMyClient.html

REFERENCES

* https://www.smacktls.com/
* https://freakattack.com/
* http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
* https://blogs.akamai.com/2015/03/cve-2015-0204-getting-out-of-the-export-business.html

AUTHOR

David Busby

David is an Information Security Architect, and CISSP qualified. He has worked with Percona since 2013 and has over 17 years' experience in DevOps, databases and security. David is a Ju-Jitsu instructor, assistant scout leader and also volunteers at a local secondary school to teach kids computing.

1 Comment

Josh White, 7 years ago:
Here's a useful SSL FREAK Checker: https://tools.keycdn.com/freak Lets you know if your site is vulnerable.