No upgrade needed: CloudFlare sites already protected from FREAK
What's this blog post about?
On March 04, 2015, John Graham-Cumming announced that CloudFlare's SSL customers are not affected by the FREAK vulnerability. The company does not support 'export grade' cryptography and upgraded to a non-vulnerable version of OpenSSL in early January. Their OpenSSL configuration is available on Github, along with patches for OpenSSL 1.0.2. CloudFlare stays proactive by disabling outdated protocols and ciphers while keeping up with the latest secure ones.
Company
Cloudflare
Date published
March 4, 2015
Author(s)
John Graham-Cumming
Word count
143
Language
English
Hacker News points
None found.