HTTPS FREAK vulnerability

Posted: Wed Mar 04, 2015 5:06 pm
by mark
There is a security vulnerability in OpenSSL with the name "FREAK" that can affect Thunderstone Search Appliances as well as any browser or server using SSL protocols. See CVE-2015-0204 and https://freakattack.com.

Turning off low-security and export-grade ciphers will eliminate the vulnerability. On your Thunderstone Search Appliance admin interface, go to "HTTPS/SSL Ciphers" under "System Wide Settings". If you have "DEFAULT" or "DEFAULT:!LOW", change it to "DEFAULT:!LOW:!EXPORT", then Update.
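
An added example, not part of the original post or of Thunderstone's software: a small Python check that inspects a cipher-string setting like the ones quoted above and reports whether the export-grade and LOW groups are permanently excluded. The function name `audit_cipher_string` and its result keys are hypothetical; the check reads only the string, using the `!`, `-` and `+` operators of the OpenSSL cipher-list syntax, and does not expand what `DEFAULT` means on a given OpenSSL build.

```python
import re

# Cipher-string keywords that select a whole group (names from OpenSSL ciphers(1)).
GROUPS = {
    "export": {"EXPORT", "EXP"},
    "low": {"LOW"},
}

def audit_cipher_string(cipher_string):
    """Report whether export-grade and LOW suites are permanently excluded."""
    status = {group: "allowed" for group in GROUPS}
    warnings = []
    # OpenSSL accepts colon, comma or space as separators between tokens.
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        for group, keywords in GROUPS.items():
            if name not in keywords:
                # A conjunction such as "!EXPORT+kRSA" covers only part of a group.
                if op in ("!", "-") and keywords & set(name.split("+")):
                    warnings.append(f"{token}: removes only part of {group}")
                continue
            if op == "!":
                status[group] = "killed"    # permanently deleted, cannot reappear
            elif op == "-" and status[group] != "killed":
                status[group] = "removed"   # deleted, but later tokens may re-add it
                warnings.append(f"{token}: use '!' so {group} cannot be re-added")
            elif op == "" and status[group] != "killed":
                status[group] = "allowed"   # explicitly enabled
                warnings.append(f"{token}: explicitly enables {group} suites")
    return {
        "export_excluded": status["export"] == "killed",
        "low_excluded": status["low"] == "killed",
        "meets_page_guidance": all(s == "killed" for s in status.values()),
        "warnings": warnings,
    }

if __name__ == "__main__":
    # The three settings named in the post, plus one constructed weak variant.
    for setting in ("DEFAULT", "DEFAULT:!LOW", "DEFAULT:!LOW:!EXPORT",
                    "DEFAULT:-EXPORT:!LOW"):
        print(setting, audit_cipher_string(setting))
```
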