SSL: SSL Export Grade Ciphersuite Server Negotiation Attempt
This signature detects an export grade ciphersuite server negotiation attempt. This export-grade cryptography includes out-of-date encryption key lengths that can then easily be decrypted.
Extended Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Affected Products
Openssl openssl
Short Name
SSL:AUDIT:EXPORT-GRADE-CIPHER
Severity
Minor
Recommended
False
Recommended Action
None
Category
SSL
Keywords
Attempt CVE-2015-0204 CVE-2015-1637 CVE-2015-4000 Ciphersuite Export Grade Negotiation SSL Server
Release Date
06/05/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3813
False Positive
Frequently
Vendors
Openssl
CVSS Score
4.3