Search

GlobalSCAPE Knowledge Base

Is EFT vulnerable to the Raccoon attack?

Last Year
Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, all versions

QUESTION

Is EFT vulnerable to the Raccoon attack?

ANSWER

No, if the Diffie-Hellman (DH) key exchange is disabled.

More Information

Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS. The attack generally targets the Diffie-Hellman (DH) key exchange in TLS 1.2 and below.

The OpenSSL 1.0.2 implementation reuses keys in cipher suites beginning with DH-. Only those are vulnerable. Not DH authentication, not DH key exchange etc. Only the specific combinations are vulnerable. That is, look at the cipher suite string; if it begins with DH-, the cipher suite is vulnerable. For example, DH-DSS-AES128-SHA256 is vulnerable.

For best security, disable ciphers that you do not need enabled.

If a cipher that begins with "DH-" is enabled, EFT will display the following warning:

Message

SecurityTab

For more information about the Raccoon attack: https://raccoon-attack.com/

Share Article

On a scale of 1-5, please rate the helpfulness of this article



Not Helpful
Very Helpful
Optionally provide additional feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: Last Year
Last Modified By: kmarsh
Type: FAQ
Article not rated yet.
Article has been viewed 28K times.
Options
Print Article
Export As PDF
Also In This Category
Tags
Diffie-Helman
raccoon
TLS handshake
vulnerability
vulnerable
Customer Support Software By InstantKB 2020 Final
Execution: 0.000. 7 queries. Compression Disabled.