FREAK

pablozi

Beta Tester
Can Adguard expose us to FREAK attack? In fact AG is intercepting TLS connection and tests made by Safegroup members shows that Google Chrome with AG enabled is vurnerable but when HTTPS filtering was disabled browser was safe. Can devs say something more about this?
https://freakattack.com/clienttest.html
 

avatar

Administrator
Staff member
Administrator
Need some time to check it, thank you!

---------- Post added at 02:34 PM ---------- Previous post was at 01:39 PM ----------

I've checked it and you're right, attack of such type is possible in current version.
Although possibility is low because vulnerable ciphers are disabled.

We'll fix it in the next patch.
 

Boo Berry

Moderator + Beta Tester
Moderator
FYI, this is now fixed in the latest Adguard for Windows beta build. I'm guessing the next OS X beta build might have this fixed too.
 

avatar

Administrator
Staff member
Administrator
FYI, this is now fixed in the latest Adguard for Windows beta build. I'm guessing the next OS X beta build might have this fixed too.
I hope this week we'll release new Mac beta fixing all SSL issues we have.
 
Top