CVE-2015-0204:OpenSSL 的弱點攻擊 (Android 與 iOS)

CVE-2015-0204 的說明:

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.

本來是被 OpenSSL 標成低危險性 (出自 secadv_20150108.txt):

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low

不過新的攻擊利用這個弱點放大,叫做「FREAK Attack」,可以強制使用 RSA_EXPORT suite 所列的 cipher,而這些 cipher 通常長度都不夠,於是就可以解:

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.

影響的範圍主要是支援 RSA_EXPORT suite 的 server:

Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk to having HTTPS connections intercepted.

應該是把 !EXPORT 設上去就可以解掉,不過還是花點時間 review,把可以關掉的舊技術都拔掉會比較好。