Reddit /r/VPN response

SupportSupport
in General Privacy Discussion
While we attempted to post this as a comment on the reddit thread - http://www.reddit.com/r/VPN/comments/2zlgy8/openssl_releases_security_advisory_for_freak_it/ - unfortunately, the post was not allowed to be visible. It appears that posts with the word “PIA” are moderated off of the /r/VPN subreddit. It is quite strange given we are the largest for pay VPN service provider in the world with a half million subscribers and growing fast. We did try posting with two different accounts.

We then attempted to contact the moderators, but one has been inactive for 21 days and the other, while active just 7 hours ago, seems to not have had the opportunity to unmoderate our post.

Either way, we have been forced to post this response that belongs on the above mentioned reddit post as a comment on our forum:



Some clarifications about FREAK:

Because FREAK relies on a MITM scenario, HMAC firewall (tls-auth) only protects you if your tls-auth key is secret and unique to you, rather than shared accross all users.  Almost all VPN providers that use tls-auth use a shared key accross all users and therefore do not mitigate the FREAK attack.

"Allow cipher negotiation" is an ambiguous term.  There are two different ciphers in OpenVPN.  There is the OpenVPN cipher which is set with the 'cipher' option in the config file.  This is the cipher that the PIA application lets you change.  This cipher is completely unrelated to FREAK.

There is also the TLS cipher, or more correctly ciphersuite.  The TLS ciphersuite is automatically negotiated by OpenSSL.  There is an option in OpenVPN (tls-cipher) to limit the TLS ciphersuites that the client or server are allowed to select from.  This is usually never set because it doesn't need to be (OpenSSL choses the strongest cipher that both the client and server support) except in rare cases like the FREAK attack, see below.

That said, there are two ways for OpenVPN providers to protect against the FREAK attack:

1) Upgrade the OpenSSL version of the client to a non affected version.

2) Disable TLS EXPORT ciphersuites on the server side (using tls-cipher).  This is the path that PIA took back when the FREAK attack was discovered.  This prevents any OpenVPN client from connecting with a TLS EXPORT ciphersuite which is what the FREAK attack requires.  We preferred this solution because it requires no work for our users and we can be 100% sure that our users are protected rather than only the ones that took the time to upgrade.

If a VPN provider goes with option #1 but not #2 then you will still be able to connect with a TLS EXPORT ciphersuite which means their users are only protected if they have upgraded to the latest OpenSSL.
 
To reiterate, being able to change encryption level (cipher/auth) client-side has nothing to do with FREAK.

Comments

Sign In or Register to comment.