Bug 344851 - FREAK attack vulnerability
Summary: FREAK attack vulnerability
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: http
Version First Reported In: 4.14.1
Platform: openSUSE Linux
Importance: NOR critical
Target Milestone: ---
Assignee: kdelibs bugs
Duplicates: 344893
Reported: 2015-03-05 01:35 UTC by Grósz Dániel
Modified: 2017-09-05 15:37 UTC
Description Grósz Dániel 2015-03-05 01:35:55 UTC
https://freakattack.com/
KDE web browsers Konqueror and Rekonq appear vulnerable.

Somewhat unclear though. If the browser is incompatible with the test site (this also happens if you download the site with wget or kioclient cp), it tells you to try https://cve.freakattack.com. This one does not load in KDE, while it does on my vulnerable Android browser.
Comment 1 Markus 2015-03-05 10:03:34 UTC
As you can see at https://cc.dcsec.uni-hannover.de/, Konqueror does support the vulnerable export ciphers.

The allowed ciphers must be reduced for all KDE programs using SSL/TLS.
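
One way to audit a client cipher list for the export-grade suites Comment 1 refers to, as an added example that is not part of the original bug report or of KDE's code. The function names are hypothetical and the sample cipher list is constructed.

```python
import ssl


def is_export_grade(name):
    """True for export-grade suites, matched by OpenSSL name (EXP-..., EXP1024-...)
    or by IANA name (TLS_RSA_EXPORT_WITH_...)."""
    upper = name.upper()
    return upper.startswith(("EXP-", "EXP1024-")) or "_EXPORT" in upper


def split_ciphers(names):
    """Return (allowed, rejected), preserving the caller's preference order."""
    allowed = [n for n in names if not is_export_grade(n)]
    rejected = [n for n in names if is_export_grade(n)]
    return allowed, rejected


def local_export_ciphers():
    """Export-grade suites enabled in this Python's default TLS client context."""
    ctx = ssl.create_default_context()
    return [c["name"] for c in ctx.get_ciphers() if is_export_grade(c["name"])]


# Constructed sample: a cipher list such as a TLS client might offer.
SAMPLE_OFFERED = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
]

if __name__ == "__main__":
    allowed, rejected = split_ciphers(SAMPLE_OFFERED)
    print("keep:  ", ":".join(allowed))
    print("remove:", ", ".join(rejected))
    print("export suites enabled locally:", local_export_ciphers() or "none")
```
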
Comment 2 Christoph Feck 2015-03-06 10:57:21 UTC
*** Bug 344893 has been marked as a duplicate of this bug. ***
Comment 3 kdebugs 2016-04-23 21:45:53 UTC
Works for me on Konqueror 4.14.13 and rekonq 2.4.2 using first link in description. (second link is no longer functional) (Ubuntu 14.04 32-bit)

Someone want to close this bug?