Bug#611461: iceweasel still does insecure ssl renegotiation?!

2011-01-29 Thread Christoph Anton Mitterer
Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole
Hi. It seems that iceweasel still is vulnerable to the SSL renegotiation attack, as simply is configured per default to allow the vulnerable renegotiation:

Bug#611461: iceweasel still does insecure ssl renegotiation?!

2011-01-29 Thread Stefan Fritsch
On Saturday 29 January 2011, Christoph Anton Mitterer wrote:
It seems that iceweasel still is vulnerable to the SSL renegotiation attack, as simply is configured per default to allow the vulnerable renegotiation:
This has to be balanced between compatibility and security. Currently less than

Bug#611461: iceweasel still does insecure ssl renegotiation?!

2011-01-29 Thread Christoph Anton Mitterer
On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
This has to be balanced between compatibility and security. Currently less than 50% of the servers on the internet are patched. So it is sensible to not deny renegotiation for unpatched servers. Patched servers usually won't allow

Bug#611461: iceweasel still does insecure ssl renegotiation?!

2011-01-29 Thread Daniel Kahn Gillmor
On 01/29/2011 01:12 PM, Christoph Anton Mitterer wrote:
On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
This has to be balanced between compatibility and security. Currently less than 50% of the servers on the internet are patched. So it is sensible to not deny renegotiation for