
The lowdown on the SKIP-TLS and FREAK flaws

Jamie Riden 05 Mar 2015

SKIP-TLS and FREAK flaws

SKIP-TLS seems the more severe of the two attacks. Due to weaknesses in the Java client state machine for TLS, it is possible to literally skip crucial steps of the handshake. This means that a malicious server can masquerade as the intended target, or in other words act as a man-in-the-middle. If you have affected client software, you will need to patch it.

The FREAK SSL issue arises from abusing the old export-grade ciphers that were built into SSL because the US government didn’t like other countries using strong crypto. Of course that is all long obsolete now, but some people still have these weak cipher suites enabled on their web servers, and someone has found a way to abuse them.

A downgrade attack is possible for some clients, where both ends are convinced to negotiate an export-grade cipher whose key can be cracked fairly readily these days. We’ve been telling people to disable any cipher suites using less than 128-bit symmetric encryption for quite a while, but this adds a new urgency to that. First, remove weak and medium-strength ciphers from your server, as that’s the easier bit. Then you can worry about patching affected clients.


CyaSSL – update to at least 3.3.0
Java – apply January CPU
Other patches due to be announced, but it’s not specified what software is affected.


Disable export grade ciphers on *all* SSL-enabled web servers. (And indeed on anything else that uses SSL, such as STARTTLS on mail servers).
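
One way to check a server's cipher string against this advice, as an added example that is not from the original post: it parses a listing in the format printed by `openssl ciphers -v` and flags export-grade suites and anything under 128-bit symmetric encryption. The sample listing and the function name `audit_ciphers` are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

# Enc=<algorithm>(<bits>); the bit count is absent for Enc=None.
ENC_RE = re.compile(r"Enc=([^\s(]+)(?:\((\d+)\))?")
MIN_BITS = 128  # threshold taken from the advice in the post


def audit_ciphers(listing, min_bits=MIN_BITS):
    """Return [(suite, bits, reasons)] for every suite that should be disabled."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        match = ENC_RE.search(line)
        if len(fields) < 2 or not match:
            continue  # not a cipher line
        # Enc=None means no encryption at all, so treat it as 0 bits.
        bits = int(match.group(2)) if match.group(2) else 0
        reasons = []
        if "export" in fields[2:] or fields[0].startswith("EXP"):
            reasons.append("export-grade")
        if bits < min_bits:
            reasons.append(f"{bits}-bit symmetric key")
        if reasons:
            findings.append((fields[0], bits, reasons))
    return findings


if __name__ == "__main__":
    for suite, bits, reasons in audit_ciphers(SAMPLE):
        print(f"DISABLE {suite}: {', '.join(reasons)}")
```

To audit a real configuration, pass the function the output of `openssl ciphers -v` run with the cipher string your server is configured to use.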

LibreSSL – update to at least 2.1.4
OpenSSL – update to at least 1.0.1k
Safari – patch not yet issued? My copy on Windows is broken, I’m afraid…
iOS – patch not yet issued, keep an eye out.
Android – patch not yet issued, keep an eye out.


Client test and advice here:
SSL Server test – please tick “Do not show results on the board” though, unless you’re feeling really confident!
More discussion here: