A vulnerability has been discovered in OpenSSL that allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use weak "export-grade" cryptography, which can then be decrypted or altered.
Opengear products explicitly disable export-grade ciphers for HTTPS therefore are not affected.
In extraordinary circumstances it is possible that export-grade ciphers have been manually enabled via a custom cipher list. You may check for the presence of a custom cipher list by running config -g config.https.customciphers (typically no output will be returned) and remove it with: config -d config.https.customciphers -r ssl
Comments
0 comments
Article is closed for comments.