In the light of the FREAK TLS vulnerability, how may I disable insecure cipher suites manually in Safari?

macos security openssl safari

Safari on OS X uses Secure Transport for SSL/TLS, the same implementation which is linked in cURL, App Store, etc. Secure Transport does not have any user configurations available. Therefore, it is not possible to modify Safari cipher suites.

Anyway, Apple recently released Security Update 2015-002 which fixes this issue.

Impact: An attacker with a privileged network position may intercept SSL/TLS connections

Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

You can examine Secure Transport client with something like, curl "https://www.howsmyssl.com/a/check" | tr ',' '\n'. As someone pointed out, it is also a good idea to use Firefox or Chrome which use NSS instead.

Related

iOS 8: Prevent Safari Mobile from reloading tabs by default
What does Terminal.app store in iCloud?
Mounting Linux filesystem
iCloud is re-creating empty folders for old iOS Apps
Brand new iMac, cannot login to anything
Make iPhone permanently trust computer?
Display facebook profile pictures full size on call
Control iMac and LED Cinema Display Brightness Simultaneously
Make Preview automatically reload PDF without switching to it
Display seconds in addition to hours and minutes on the Clock
Bring Back Old App Launcher
How to enable desktop icons in Ubuntu 20.04