In the light of the FREAK TLS vulnerability, how may I disable insecure cipher suites manually in Safari?
Safari on OS X uses Secure Transport for SSL/TLS, the same implementation which is linked in cURL, App Store, etc. Secure Transport does not have any user configurations available. Therefore, it is not possible to modify Safari cipher suites.
Anyway, Apple recently released Security Update 2015-002 which fixes this issue.
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris
You can examine the Secure Transport client with something like:
curl "https://www.howsmyssl.com/a/check" | tr ',' '\n'
As someone pointed out, it is also a good idea to use Firefox or Chrome, which use NSS instead.
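Added example, not part of the original answer: a Python sketch that sorts the `given_cipher_suites` list from a howsmyssl.com `/a/check` response into export-grade suites and full-strength RSA key-exchange suites. The sample response is constructed for illustration and `classify_suites` is a hypothetical helper name. Since the advisory describes the flaw as accepting short ephemeral RSA keys on full-strength RSA suites, an offered list without export suites does not by itself show that a client is patched.

```python
import json

# Constructed sample shaped like a howsmyssl.com /a/check response.
# It was not captured from a real client; the values are illustrative.
SAMPLE_RESPONSE = json.dumps({
    "given_cipher_suites": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
    ],
    "tls_version": "TLS 1.2",
    "rating": "Bad",
})


def classify_suites(response_text):
    """Group the client's offered cipher suites by FREAK-relevant property.

    rsa_export   : export-strength RSA key exchange (the suites FREAK downgrades to)
    other_export : other export-grade suites, weak but not the FREAK key exchange
    plain_rsa_kx : full-strength RSA key exchange, where the advisory says short
                   ephemeral RSA keys were wrongly accepted before the fix
    rest         : everything else (for example ECDHE or DHE suites)
    """
    suites = json.loads(response_text).get("given_cipher_suites", [])
    report = {"rsa_export": [], "other_export": [], "plain_rsa_kx": [], "rest": []}
    for name in suites:
        if name.startswith("TLS_RSA_EXPORT_"):
            report["rsa_export"].append(name)
        elif "_EXPORT_" in name:
            report["other_export"].append(name)
        elif name.startswith("TLS_RSA_WITH_"):
            report["plain_rsa_kx"].append(name)
        else:
            report["rest"].append(name)
    return report


if __name__ == "__main__":
    # To check a live client, replace SAMPLE_RESPONSE with the body that
    # curl "https://www.howsmyssl.com/a/check" returns.
    for group, names in classify_suites(SAMPLE_RESPONSE).items():
        print(f"{group}: {len(names)}")
        for name in names:
            print(f"  {name}")
```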