Patch / update for znc to disable weak ciphers and SSLv2/SSLv3 protocols

2014-10-27 Thread Chris
Hi, the ZNC IRC Bouncer (https://packages.debian.org/wheezy/znc) finally allows choosing your own ciphers and disabling the SSLv2/SSLv3 protocols with these pull requests:
https://github.com/znc/znc/pull/716
https://github.com/znc/znc/pull/717
Not sure if those are easy to apply to the older version

Re: Patch / update for znc to disable weak ciphers and SSLv2/SSLv3 protocols

2014-10-27 Thread Thijs Kinkhorst
Hi Chris,

On Mon, October 27, 2014 07:48, Chris wrote:
> the ZNC IRC Bouncer (https://packages.debian.org/wheezy/znc) finally allows choosing your own ciphers and disabling the SSLv2/SSLv3 protocols with these pull requests:
> https://github.com/znc/znc/pull/716
> https://github.com/znc/znc/pull/717

Re: Patch / update for znc to disable weak ciphers and SSLv2/SSLv3 protocols

2014-10-27 Thread Chris
Hi, Would you be so kind to file this as a bug against the znc package? and thanks for the hint. Just created a new bugreport against the znc package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766957

streql - Constant-time string comparison

2014-10-27 Thread Riley Baird
Dear debian-security, I am looking for a sponsor for my package streql. In Python, the code for testing the equality of strings is susceptible to a timing side channel attack. The package 'streql' provides a function for comparing strings of equal length in equal time, regardless of the content