FREAK (CVE-2015-0204)
FREAK is a TLS downgrade attack that exploits legacy export-grade RSA cipher suites to break encryption between modern clients and servers.
Definition
FREAK (Factoring RSA Export Keys, CVE-2015-0204) is an attack on TLS clients that still accept export-grade RSA cipher suites (a 1990s-era U.S. regulation artefact). A man-in-the-middle attacker forces a downgrade to a 512-bit RSA key that they then factor in hours; the recovered key decrypts the session. The OpenSSL bug allowed the downgrade against clients whose policy should have rejected it.
Mitigation
Disable export-grade cipher suites on every TLS deployment. Modern stacks do this by default.