Is there a patch for SSL FREAK?

I saw my VPS was vulnerable to this by checking. I think we need to get this issue addressed.

Hi mrgeekchris

Sorry, I’ve just tested one of our SSL and cannot see FREAK listed.

Is it CVE-2014-0224?

If so, I thought this had been resolved and you may need to upgrade your OpenSSL if you’re showing as vulnerable.

I could be wrong so I apologise in advance, but if you could post your result showing the freak failure or how best to test for it.

Many thanks


“FREAK”, also known as CVE-2015-0204, is a client vulnerability - not a server vulnerability. It had a patch pushed by Red Hat in January via RHSA-2015-0066 (click the link for information on that change set). Red Hat’s analysis of the attack can be found here - they’re convinced it’s an extremely low-risk attack.

You can also directly test your server by logging in and running the command ‘curl’. If that command fails with any error message, your server’s OpenSSL version is not vulnerable. I’ve tested on a half-dozen customer machines as well as my own InterWorx servers (both company-owned and my personal rig) and can confirm that CentOS’s version of openssl-1.0.1e-30 is not vulnerable.

Alright. I think I misread something, just got a little freaked out.