
How to remediate – SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)

1. Introduction

The SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) vulnerability means a server allows connections using outdated and weak encryption methods. This can allow attackers to read sensitive data sent between users and the server. Systems running older versions of OpenSSL or other TLS libraries are usually affected. A successful exploit could compromise confidentiality, integrity, and availability of transmitted data.

2. Technical Explanation

The vulnerability occurs because servers continue to support EXPORT_RSA cipher suites which use RSA keys of 512 bits or less. These keys can be factored relatively quickly using modern computing resources. An attacker performing a man-in-the-middle attack can force the negotiation of one of these weak ciphers, downgrading the security of the connection. This is tracked as CVE-2015-0204.

  • Root cause: Support for insecure EXPORT_RSA cipher suites with key sizes 512 bits or less remains enabled in TLS configurations.
  • Exploit mechanism: An attacker intercepts the TLS handshake and manipulates it to force the server to use an EXPORT_RSA cipher suite, effectively downgrading the encryption strength.
  • Scope: Servers using OpenSSL versions prior to 1.0.1p are affected. Other TLS implementations may also be vulnerable if they support these weak ciphers.

3. Detection and Assessment

You can check for this vulnerability by examining the server’s supported cipher suites. A thorough assessment involves using a dedicated scanning tool.

  • Quick checks: Run openssl s_client -connect yourserver:443 and look at the "Cipher" line in the output. If you see any EXPORT ciphers listed, the server is vulnerable. The output shows only the suite negotiated for that one connection, so use a scanner to enumerate every suite the server accepts.
  • Scanning: Nessus plugin ID b78da2c4 can detect this vulnerability. Other scanners may have similar checks.
  • Logs and evidence: Check TLS handshake logs for cipher suite negotiation details. Look for the presence of EXPORT_RSA suites.

openssl s_client -connect yourserver:443

4. Solution / Remediation Steps

Remove support for weak EXPORT_RSA cipher suites from your server’s TLS configuration.

4.1 Preparation

  • Ensure you have access to the server’s configuration files, understand how to modify them, and hold a backup copy of the current file. The roll back plan is to restore the backed-up configuration file.
  • Changes may require a scheduled maintenance window, depending on the service’s criticality. Approval from relevant stakeholders might be needed.

4.2 Implementation

  1. Step 1: Edit your server’s TLS configuration file (e.g., Apache httpd.conf, Nginx nginx.conf).
  2. Step 2: Remove any lines that explicitly enable EXPORT_RSA cipher suites or allow weak ciphers.
  3. Step 3: Restart the affected service to apply the changes.

4.3 Config or Code Example

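Before

# ALL also selects the EXPORT suites where the TLS library still provides them,
# and nothing in this string removes them
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!eNULL

After

# Explicit allowlist: only the named ECDHE suites can be negotiated
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256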

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this issue.

  • Practice 1: Least privilege – limit the services that expose TLS endpoints to reduce the attack surface.
  • Practice 2: Secure defaults – configure new systems with strong cipher suites and disable weak ones by default.
  • Practice 3: Patch cadence – Regularly update your software, including OpenSSL, to address known vulnerabilities.

4.5 Automation (Optional)

Ansible can automate TLS configuration changes.

---
# Replace the Apache cipher list with an explicit allowlist, then restart.
- hosts: webservers
  tasks:
    - name: Remove weak cipher suites from Apache config
      lineinfile:
        path: /etc/apache2/mods-enabled/ssl.conf
        # Match the active directive whatever its current value or indentation
        regexp: '^\s*SSLCipherSuite\s'
        line: 'SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'
        backup: true  # keep a timestamped copy of the file for roll back
      notify: Restart Apache
  handlers:
    - name: Restart Apache
      service:
        name: apache2
        state: restarted

5. Verification / Validation

Confirm the fix by checking that weak ciphers are no longer supported and performing a service smoke test.

  • Post-fix check: Run openssl s_client -connect yourserver:443 again. The output should not list any EXPORT cipher suites.
  • Re-test: Re-run the Nessus scan (ID b78da2c4). It should no longer report the vulnerability.
  • Smoke test: Verify that users can still connect to the website or service using a modern browser and TLS 1.2 or higher.
  • Monitoring: Monitor TLS handshake logs for unexpected cipher suite negotiation attempts.

openssl s_client -connect yourserver:443
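
The log checks mentioned under "Logs and evidence" and "Monitoring" can be scripted. The following is an added example, not part of the original article: it assumes an Apache mod_ssl request log written with the format shown in the first comment, and the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Added example. Assumed mod_ssl request-log layout:
#   CustomLog ... "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<client>\S+) (?P<proto>\S+) (?P<cipher>\S+) ')

# RSA key-exchange export suites (the FREAK case), by OpenSSL name.
EXPORT_RSA = {"EXP-RC4-MD5", "EXP-RC2-CBC-MD5", "EXP-DES-CBC-SHA"}

def classify(cipher):
    """Return 'export_rsa', 'export_other' or None for a logged cipher name."""
    name = cipher.upper()
    if name in EXPORT_RSA or name.startswith(("TLS_RSA_EXPORT_WITH_",
                                              "SSL_RSA_EXPORT_WITH_")):
        return "export_rsa"
    if name.startswith("EXP") or "_EXPORT" in name:
        return "export_other"   # e.g. export DHE suites: weak, but not FREAK
    return None

def scan(lines):
    """Map client address -> sorted (kind, cipher) pairs it negotiated."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        kind = classify(m["cipher"]) if m else None
        if kind:
            hits[m["client"]].add((kind, m["cipher"]))
    return {client: sorted(found) for client, found in hits.items()}

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '[27/Dec/2025:10:01:02 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 512',
    '[27/Dec/2025:10:01:05 +0000] 198.51.100.7 TLSv1 EXP-RC4-MD5 "GET /login HTTP/1.1" 733',
    '[27/Dec/2025:10:02:11 +0000] 198.51.100.7 TLSv1 EXP-DES-CBC-SHA "POST /login HTTP/1.1" 210',
    '[27/Dec/2025:10:03:40 +0000] 203.0.113.5 TLSv1 EXP-EDH-RSA-DES-CBC-SHA "GET / HTTP/1.1" 512',
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        print(client, found)
```

Any hit after remediation means some listener or virtual host still carries the old cipher list.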

6. Preventive Measures and Monitoring

Update security baselines and incorporate checks into your deployment pipeline.

  • Baselines: Update your server hardening baseline to explicitly disable EXPORT cipher suites. Consider using a CIS benchmark as a starting point.
  • Asset and patch process: Implement a regular patching schedule for OpenSSL and other TLS libraries, ideally within 72 hours of a security advisory release.
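
One way to put the baseline check into a deployment pipeline, as an added example that is not part of the original article: a heuristic lint for Apache SSLCipherSuite and nginx ssl_ciphers directives. It does not evaluate aliases whose contents depend on the OpenSSL version (such as DEFAULT), and the sample configuration is constructed from the Before/After lines above.

```python
import re

# Added example: heuristic lint, not a full OpenSSL cipher-string evaluator.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?);?\s*$", re.I)
EXPORT_CLASSES = {"EXPORT", "EXP", "EXPORT40"}

def allows_export(cipher_string):
    """True if the cipher string may still enable 40-bit EXPORT suites."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string.strip("'\"")) if t]
    # "!CLASS" deletes a class permanently, wherever it appears in the string.
    killed = {t[1:].upper() for t in tokens if t.startswith("!")}
    if killed & {"EXPORT", "EXP"}:
        return False
    for tok in tokens:
        if tok[0] in "!-":
            continue                  # removals never add suites; "-" alone is
                                      # not trusted, a later token can re-add
        name = tok.lstrip("+").upper()
        parts = set(name.split("+"))  # "A+B" selects suites in both classes
        if name == "ALL" or parts & EXPORT_CLASSES or name.startswith("EXP-"):
            return True
    return False

def lint(config_text):
    """Return [(line_number, cipher_string)] for directives that allow EXPORT."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if m and allows_export(m.group(2)):
            findings.append((number, m.group(2)))
    return findings

# Constructed sample: the article's Before/After Apache lines plus nginx forms.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!eNULL
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
ssl_ciphers 'ALL:!EXPORT:!aNULL';
ssl_ciphers EXP-RC4-MD5:HIGH;
"""

if __name__ == "__main__":
    findings = lint(SAMPLE)
    for number, value in findings:
        print(f"line {number}: EXPORT suites not excluded: {value}")
    raise SystemExit(1 if findings else 0)
```

The non-zero exit status lets a pipeline stage fail the build when a flagged directive is present.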

7. Risks, Side Effects, and Roll Back

Removing weak ciphers could cause compatibility issues with very old clients.

  • Roll back: Restore the backed-up TLS configuration file and restart the affected service.

8. References and Resources

Refer to official advisories for detailed information.

Updated on December 27, 2025
