Protect my system against a FREAK attack

From ProVide DocWiki
Jump to: navigation, search

The cipher RSA-RC4-MD5-EXPORT has been removed from the default cipher list to handle FREAK vulnerability. ProVide has to be updated to version 10.5 before the changes can take place. If the standard settings for ciphers are used in the Settings.ini file then the old standard settings will be replaced with the new standard settings for ciphers after a restart of ProVide. This apply to version 10.5 and above. This change will make ProVide more secure.

How to check if changes has taken place:

1, Locate where your accounts and settings are stored:

  • If the ProVide is running as a system service, all accounts and settings are stored in the same folder as the exe-file (usually in "Program Files").
  • If the ProVide is not running as a system service, all settings and accounts are stored in %APPDATA% under "ProVide".

2, Open the file that is called Settings.ini and look for the settings [FTPS Ciphers] and [HTTPS Ciphers] and check if the cipher RSA-RC4-MD5-EXPORT has been removed.