See: https://dev.ssllabs.com/ssltest/analyze.html?d=www.zus.pl
Next to other vulnerabilities and weaknesses (overall F-rating): Bleichenbacher vuln. Yes, EXPLOITABLE
Server admin is advised either to install available updates or disable TLS RSA-encryption whenever and wherever possible.
polonus (volunteer website security analyst and website error-hunter)
P.S. Having https everywhere is a great idea, but now it comes with a price to pay
Damian
P.S. For such a MiM attack to be successful the attack should be able to crack the encryption very, very fast,
before the server even could become aware of the overall fraud on the still unencrypted open connection -
credit for this info goes to Bitwiper.
D.