

HOW TO: Protect your Informatica Domain from the SSL/TLS Vulnerability (CVE-2015-0204)



The Factoring Attack on RSA-EXPORT Keys (FREAK) vulnerability affects the following Informatica products:

·         Big Data Edition

·         Data Explorer

·         Data Quality

·         Data Replication

·         Data Services

·         Native Adapters

·         PowerCenter

·         PowerCenter Express

·         PowerExchange Mainframe and Changed-Data Capture

The FREAK vulnerability allows a man-in-the-middle attacker to compromise the SSL/TLS handshake between the client and server. The attack forces the server to use an export-grade cipher even if the client specifies a different cipher. Export-grade ciphers are a weaker form of encryption that can be decrypted. Because of a bug in the SSL/TLS library, the client accepts the export-grade cipher. The attacker can then decipher the encryption key and compromise the security of transmitted data.

The FREAK vulnerability can be exploited when the following conditions are true:

·         The server supports export-grade RSA ciphers

·         The client uses a vulnerable SSL/TLS library

FREAK affects multiple SSL/TLS libraries, including the following libraries:

·         OpenSSL versions earlier than 1.0.1k

·         BoringSSL versions earlier than November 10, 2014

·         Secure Transport versions without OS X Security Update 2015-002, iOS 8.2, or AppleTV 7.1

·         Schannel versions without Microsoft Security Bulletin MS15-031
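
As an added example (not Informatica's code), the two conditions above can be evaluated against an inventory of enabled server cipher suites and a client library version banner. The function names, the sample suite list and the sample banners are constructed for illustration; the OpenSSL boundary is the 1.0.1k threshold from the list above.

```python
import re
# RSA key-exchange export suites, OpenSSL name -> IANA name.
RSA_EXPORT = {
    "EXP-RC4-MD5": "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "EXP-RC2-CBC-MD5": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "EXP-DES-CBC-SHA": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
KNOWN = set(RSA_EXPORT) | set(RSA_EXPORT.values())

def rsa_export_suites(enabled):
    """Return enabled suites that use RSA-EXPORT key exchange. Accepts OpenSSL
    names, IANA TLS_ names, and the SSL_ prefix that Java uses for them."""
    hits = []
    for name in enabled:
        canon = re.sub(r"^SSL_", "TLS_", name.strip().upper())
        if canon in KNOWN:
            hits.append(name.strip())
    return hits

def parse_openssl_version(banner):
    """'OpenSSL 1.0.1j 15 Oct 2014' -> (1, 0, 1, (1, 'j')); None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if not m:
        return None
    major, minor, fix, letters = m.groups()
    # Patch letters order as '' < 'a' < ... < 'z' < 'za', so compare length first.
    return (int(major), int(minor), int(fix), (len(letters), letters))

FIXED = parse_openssl_version("1.0.1k")  # boundary given in the list above
def openssl_is_vulnerable(banner):
    """True if earlier than 1.0.1k. Unparseable banners count as vulnerable so
    they are reviewed by hand instead of passing silently."""
    version = parse_openssl_version(banner)
    return version is None or version < FIXED

def freak_conditions(server_suites, client_banner):
    """Evaluate both conditions; the page requires both for exploitation."""
    weak = rsa_export_suites(server_suites)
    client_bad = openssl_is_vulnerable(client_banner)
    return {"server_export_suites": weak, "client_vulnerable": client_bad,
            "exploitable": bool(weak) and client_bad}

# Constructed sample inventory (illustrative, not from the page).
SERVER = ["AES128-SHA", "EXP-RC4-MD5", "EXP-EDH-RSA-DES-CBC-SHA",
          "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"]

if __name__ == "__main__":
    for banner in ("OpenSSL 1.0.1j 15 Oct 2014", "OpenSSL 1.0.1k 8 Jan 2015"):
        print(banner, freak_conditions(SERVER, banner))
```

The check reports only RSA key-exchange export suites, so other export-grade suites such as EXP-EDH-RSA-DES-CBC-SHA are not listed by it. Distribution packages that backport fixes keep the upstream version string, so a flagged version needs confirmation against the vendor's advisory.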

For more information about the FREAK vulnerability, see the following website from the French Institute for Research in Computer Science and Automation:

To protect the Informatica domain from the FREAK vulnerability, perform the following tasks:


·         Apply the EBF to the Informatica domain

·         Disable RSA-EXPORT Keys for your browser

·         Disable RSA-EXPORT Keys for Database Connections

If the Informatica domain runs on version 9.6.1 HotFix 3 or later, you do not need to apply the EBF.

Informatica does not recommend using SSL/TLS with application adapters.

Apply the EBF to the Informatica Domain 

To disable RSA-EXPORT keys, apply the EBF for your version of Informatica. The following table lists the EBF required for version 9.6.1 HotFix 2:


Operating System


9.6.1 HF2



9.6.1 HF2



9.6.1 HF2

Windows  x64


9.6.1 HF2

Solaris sp-64




After you apply the EBF, support for SSL certificates that use RSA encryption with 512 bits or less is disabled. You must replace any affected SSL certificates as well as related keystores and truststores with certificates that are supported.

If you are on an earlier version of Informatica 9.6.1, upgrade to the latest HotFix before you apply the EBF.

You must apply the EBF to all the nodes in the domain as well as to any machine that hosts the Informatica client.

For more information about how to apply the EBF, see the instructions packaged with the EBF.

Disable RSA-EXPORT Keys for Your Browser


Upgrade to the latest release of your browser.

Disable RSA-EXPORT Keys for Database Connections

Data Direct ODBC/JDBC Drivers


Data Direct recommends disabling the export ciphers. To disable the export ciphers, add the following text to the connection string:




Data Direct is working to confirm that disabling RSA ciphers will avoid the FREAK vulnerability. There may be additional changes required when specifying the CipherList property. There is also the possibility that restricting the cipher list on the client may not avoid the vulnerability.


Native Connectors


Informatica only certifies SSL/TLS connections to Oracle, DB2, and SQL Server databases.

For information about how to address the FREAK vulnerability for native connectors to a database, see the documentation for that database.


Application Adapters


No action required. Informatica does not recommend SSL/TLS connections for application adapters.

More Information
Applies To
Product: Data Quality; Universal Data Replication; PowerCenter; PowerExchange; Big Data Management
Project Phase: Configure
Last Modified Date: 12/16/2015 9:02 PM
ID: 325261