AnsweredAssumed Answered

Freak Test False Positives

Question asked by Jul Jones on Mar 8, 2015
Latest reply on Mar 10, 2015 by Jul Jones

The SSLlabs browser test using IE9 fixed with SSLlocker.com reports Freak vulnerable.

SSLlocker changes the Windows Schannel registry settings.

Ciphers are ordered strongest to weakest SSLv3 is disabled TLS v1 v1.1 & v1.2 enabled

Weak ciphers are disabled. FreakAttack reports the same false positive.

SSLlocker with just 2 mouse clicks does similar settings as MS advisory 3046015
(which also reports Freak false positive using the 3046015 changes)

I assume the code for the freak test is the same as FreakAttack.

Any idea why it is false positive reporting ?

The snapshot of the test is here https://www.ssllocker.com/ssllockerIE9.jpg

Outcomes