FREAK – Yet another new exploit!

freak - yet another new exploit!

Firstly, FREAK stands for "Factoring Attack on RSA-EXPORT Keys" and is officially designated as CVE-2015-0204. It is a weakness in some implementations of SSL/TLS that may allow an attacker (known as a man-in-the-middle attack) to decrypt secure communications between vulnerable clients and servers.

The new SSL/TLS vulnerability was announced on Tuesday, March 3, 2015, and allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption.

Being a man in the middle attack does make the likelihood of you being affected less likely, but if you travel and use free wifi you may put yourself in a position to be attacked. The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption. 

The attack succeeds because it allows an attacker to force the browser to use a weaker export-grade encryption. The initial list of vulnerably browsers was:

  • Internet Explorer (A patch should be available now).
  • Chrome on MAC OS
  • Chrome on Android
  • Safari on Mac OS
  • Safari on iOS
  • Stock Android Browser
  • Blackberry Browser
  • Opera on Mac OS

So far Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability while Microsoft has also released a security advisory that includes a workaround for supported Windows systems. For a full list of this years advisories, see here: Security Advisories for 2015

Who is at risk?

More than a third of all servers with browser-trusted certificates are at risk. Keep in mind this attack is not as severe as Heartbleed and POODLE but considering the number of affected servers don't underestimate the issue.

  Currently Vulnerable Change Since Mar. 3
HTTPS servers at Alexa Top 1 Million domain names 9.5% down from 12.2%
HTTPS servers with browser-trusted certificates 36.7% unchanged
All HTTPS servers 26.3% unchanged


If you have a server that might be effected you can disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For a typically Apache webs server a vhost file will look like this:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs

    # modern configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder     on

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always add Strict-Transport-Security "max-age=15768000"

What do I need to do?


For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. Basically, you need to remove/disable SSL protocol support and support for TLS v1

Testing a Server

open a terminal session on a Linux workstation with OpenSSL installed and attempt to connect to your target also specify the cipher to use, in this case "EXPORT". If it fails to renegotiate you should get the following output:

$ openssl s_client -connect -cipher EXPORT
139895902082720:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 111 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Clients – Test your browser!

You can test your browser here: on the first line the site will tell you if you are vulnerable!

If you are vulnerable, you need to patch your web browser.

Back to the Blog

avatar of sid young

Sid Young

  • Conetix
  • Conetix

Let's Get Started

  • This field is for validation purposes and should be left unchanged.