I would like to point out what security.tls.version.min actually does:
http://kb.mozillazine.org/Security.tls.version.*
Setting security.tls.version.min to 1 allows TLSv1.0 to be used, which
is vulnerable to a similar padding oracle attack (and timing oracle
attacks) found long ago. You should be using a value of 2 for this setting.
-Brad
On 10/16/2014 10:28 AM, Marco Galicia wrote:
Hi,
As I know, a new vulnerability called poodle has been discovered
regadirng https. This vulnerabilty takes advantage of the ssl 3.0, and
forcecs the https protocol to use this outdated protocol.
I have been told that a fix for this vulnerabilty is to disable the
use of this protocol in the web browsers.
In inceweasel:
/change this option in about:config
/
/*
security.tls.version.min
*/
/*to 1
*/
/*
*/
/shoulnd't iceweasel be recompiled to include this option in the
complilation settings??
/
/Can it be done officially in debian??
/
/Can this be done also for other web browsers??
/
If if is not possible to do ti officially??
How can i do it?? What would be the compilation parameter, something
like " /.config --security.tls-version.min.1??
I have obtained the info from this webiste.
http://www.dmdcosillas.org/2014/10/que-demonios-no-hay-dos-sin-tres/
(in spanish)
--
/Por favor, evite enviarme documentos adjuntos en formato Word Excel o
PowerPoint.
Como alternativa puede enviarme documentos en formato odt, odx u ods,
además de documentos en formato pdf
Si realmente es necesario enviarme un documento en formato Word, por
favor utilize el formato .doc en lugar de .docx
Vea http://www.gnu.org/philosophy/no-word-attachments.html
http://es.libreoffice.org/
http://getgnulinux.org/es
/
