/plushcap/analysis/cloudflare/new-ssl-vulnerabilities-cloudflare-users-prot

New "Lucky Thirteen" SSL Vulnerabilities: CloudFlare Users Protected

What's this blog post about?

On February 4, 2013, a new SSL vulnerability known as the Lucky Thirteen was announced. Although TLS 1.1/1.2 do not fix this issue, it is theoretically difficult to exploit and requires creating numerous connections and measuring timing differences. CloudFlare's default SSL configuration protects against this attack by deprioritizing the vulnerable cipher. To ensure protection from the new vulnerability, users should upgrade their OpenSSL or NGINX versions when a patch is released and prioritize the RC4 cipher in their web server settings.

Company
Cloudflare

Date published
Feb. 4, 2013

Author(s)
Matthew Prince

Word count
297

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.