Bug 344851

Summary: FREAK attack vulnerability
Product: [Unmaintained] kio
Reporter: Grósz Dániel <groszdanielpub>
Component: http
Assignee: kdelibs bugs <kdelibs-bugs-null>
Status: RESOLVED FIXED
Severity: critical
CC: adawit, arjunak234, cfeck, kdebugs, m4rkusxxl, mizban, nate
Priority: NOR
Version First Reported In: 4.14.1
Target Milestone: ---
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Grósz Dániel 2015-03-05 01:35:55 UTC
https://freakattack.com/
KDE web browsers Konqueror and Rekonq appear vulnerable.

Somewhat unclear though. If the browser is incompatible with the test site (this also happens if you download the site with wget or kioclient cp), it tells you to try https://cve.freakattack.com. This one does not load in KDE, while it does on my vulnerable Android browser.

Comment 1 Markus 2015-03-05 10:03:34 UTC
As you can see at https://cc.dcsec.uni-hannover.de/, Konqueror does support the vulnerable export ciphers.

The allowed ciphers must be reduced for all KDE programs using SSL/TLS.
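
An added example, not part of the bug report or of KDE's code: one way to audit a client's offered cipher list for the export-grade suites discussed above. It flags RSA export key exchange (the class FREAK depends on) separately from other export suites. The sample offer is constructed, and the function names are hypothetical.

```python
import re

# IANA-style names carry "_EXPORT" (or "_EXPORT1024") just before "_WITH_".
_IANA = re.compile(r"^(?:TLS|SSL)_(.+?)_EXPORT(?:1024)?_WITH_")
# OpenSSL-style names carry an "EXP-" or "EXP1024-" prefix.
_OPENSSL = re.compile(r"^EXP(?:1024)?-(.+)$")
# OpenSSL key-exchange tokens; when none is present the key exchange is RSA.
_NON_RSA_KX = {"EDH", "DHE", "ADH", "DH", "KRB5"}


def classify(name):
    """Return 'rsa-export', 'other-export', or None for one suite name."""
    name = name.strip()
    m = _IANA.match(name)
    if m:
        return "rsa-export" if m.group(1) == "RSA" else "other-export"
    m = _OPENSSL.match(name)
    if m:
        kx = m.group(1).split("-")[0]
        return "other-export" if kx in _NON_RSA_KX else "rsa-export"
    return None


def audit(offered):
    """Group an offered cipher list so export-grade entries stand out."""
    report = {"rsa-export": [], "other-export": [], "ok": []}
    for suite in offered:
        report[classify(suite) or "ok"].append(suite.strip())
    return report


# Constructed sample: a cipher list as a test page might display it.
SAMPLE_OFFER = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
    "EXP-RC4-MD5",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
]

if __name__ == "__main__":
    for bucket, suites in audit(SAMPLE_OFFER).items():
        print(f"{bucket}: {', '.join(suites) or '-'}")
```

Any entry in either export bucket means the client's allowed cipher list still needs reducing.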

Comment 2 Christoph Feck 2015-03-06 10:57:21 UTC
*** Bug 344893 has been marked as a duplicate of this bug. ***

Comment 3 kdebugs 2016-04-23 21:45:53 UTC
Works for me on Konqueror 4.14.13 and rekonq 2.4.2 using first link in description. (second link is no longer functional) (Ubuntu 14.04 32-bit)

Someone want to close this bug?