[openssl-users] RSA silently downgraded to EXPORT_RSA [client]

Vikas TM vikas.tm at gmail.com
Fri Aug 28 08:05:35 UTC 2015


Hi All,

I have the following two queries,

1. When I specify the option -cipher EXPORT in the s_client command, it says
connected and the cipher changed to the new cipher EXP-EDH-RSA-DES-CBC-SHA. If I am
not requesting a -cipher of EXPORT type, then it returns DHE-RSA-AES256-SHA.

Here, when I request a cipher of type EXPORT, the new cipher
EXP-EDH-RSA-DES-CBC-SHA is accepted by the client. Does it mean my openSSL is
vulnerable?

2. From many posts I have understood that if a webserver uses a vulnerable
openSSL version (0.9.x versions previous to 0.9.8zd) for the https service, it
is vulnerable to a man-in-the-middle attack.

Here, if an FTP server uses a vulnerable openSSL version (0.9.x versions previous
to 0.9.8zd), is the FTP over openSSL service also vulnerable to a man-in-the-middle
attack?

Please let me know the answer to these queries. It will be helpful for me to
understand this threat.
Thank you,
Vikas
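As an added example (not part of the original post), here is a Python check that reads openssl s_client output and separates the two situations behind query 1. An export-grade suite (OpenSSL's EXP- prefix) negotiated when EXPORT was explicitly requested points at the server still enabling export suites; the same result without requesting it is the silent client-side downgrade the subject line refers to. The s_client output below is constructed for the example, not captured from the poster's session.

```python
import re
from typing import Optional

# s_client output constructed for this example (not a capture from the poster's
# session); it mirrors query 1: an export-grade suite was negotiated.
SAMPLE_EXPORT_SESSION = """\
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
Server public key is 1024 bit
"""

SAMPLE_STRONG_SESSION = """\
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
"""

def negotiated_cipher(output: str) -> Optional[str]:
    """Suite from the 'Cipher is ...' line, or None when s_client reports (NONE)."""
    m = re.search(r"Cipher is (\S+)", output)
    if not m or m.group(1) == "(NONE)":
        return None
    return m.group(1)

def server_key_bits(output: str) -> Optional[int]:
    """Certificate key size from the 'Server public key is N bit' line, if present."""
    m = re.search(r"Server public key is (\d+) bit", output)
    return int(m.group(1)) if m else None

def classify(output: str, requested_export: bool) -> str:
    """Read a handshake as a defender: OpenSSL names export suites with an
    'EXP-' prefix; a certificate key under 1024 bits is a separate weakness."""
    cipher = negotiated_cipher(output)
    if cipher is None:
        return "no-cipher"
    bits = server_key_bits(output)
    weak = cipher.startswith("EXP-") or (bits is not None and bits < 1024)
    if not weak:
        return "strong"
    # Asked for EXPORT and got it: the server still enables export suites.
    # Did not ask and got it anyway: the client accepted a downgrade it should refuse.
    return "server-offers-export" if requested_export else "client-downgraded"

if __name__ == "__main__":
    print(classify(SAMPLE_EXPORT_SESSION, requested_export=True))   # server-offers-export
    print(classify(SAMPLE_EXPORT_SESSION, requested_export=False))  # client-downgraded
    print(classify(SAMPLE_STRONG_SESSION, requested_export=False))  # strong
```

Feed it the saved output of a real `openssl s_client` run, once with `-cipher EXPORT` and once without, and compare the two classifications.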