Package: iceweasel Version: 24.0~b7-1 Severity: wishlist The details provided in the Technical Details section of the security dialog are not very helpful. Yes, they tell me that bugzilla.mozilla.org is using 256-bit AES, but they don't tell me what version of TLS is being used (are we using TLS 1.0 with the CBC bug), the key exchange method (is perfect forward secrecy being used?), whether CBC or GCM is being used (hopefully the latter), or any other information about the cipher suite. I can surmise the signature algorithm from the certificate provided. All of this information is important as technical details, since all of it impacts security. To my knowledge, there is no way to acquire this on the client side.
Chromium provides the full cipher suite, although not the TLS version (last I checked). Please provide all of this information in the dialog, or at least provide the user some way to see it. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-rc7-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils 4.4 ii fontconfig 2.10.2-2 ii libc6 2.17-92+b1 ii libgdk-pixbuf2.0-0 2.28.2-1 ii libglib2.0-0 2.36.4-1 ii libgtk2.0-0 2.24.20-1 ii libnspr4 2:4.10-1 ii libnspr4-0d 2:4.10-1 ii libsqlite3-0 3.8.0.1-1 ii libstdc++6 4.8.1-10 ii procps 1:3.3.8-2 ii xulrunner-24.0 24.0~b7-1 iceweasel recommends no packages. Versions of packages iceweasel suggests: ii fonts-stix [otf-stix] 1.1.0-1 ii libgssapi-krb5-2 1.11.3+dfsg-3 pn mozplugger <none> ii otf-stix 1.1.0-1 Versions of packages xulrunner-24.0 depends on: ii libasound2 1.0.27.2-1 ii libatk1.0-0 2.8.0-2 ii libbz2-1.0 1.0.6-5 ii libc6 2.17-92+b1 ii libcairo2 1.12.14-5 ii libdbus-1-3 1.6.14-1 ii libdbus-glib-1-2 0.100.2-1 ii libevent-2.0-5 2.0.21-stable-1 ii libfontconfig1 2.10.2-2 ii libfreetype6 2.4.9-1.1 ii libgcc1 1:4.8.1-10 ii libgdk-pixbuf2.0-0 2.28.2-1 ii libglib2.0-0 2.36.4-1 ii libgtk2.0-0 2.24.20-1 ii libhunspell-1.3-0 1.3.2-4 ii libmozjs24d 24.0~b7-1 ii libnspr4 2:4.10-1 ii libnss3 2:3.15.1-1 ii libpango-1.0-0 1.32.5-5+b1 ii libpixman-1-0 0.30.2-1 ii libsqlite3-0 3.8.0.1-1 ii libstartup-notification0 0.12-3 ii libstdc++6 4.8.1-10 ii libvpx1 1.2.0-2 ii libx11-6 2:1.6.1-1 ii libxext6 2:1.3.2-1 ii libxrender1 1:0.9.8-1 ii libxt6 1:1.1.4-1 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages xulrunner-24.0 suggests: ii libcanberra0 0.30-2 ii libgnomeui-0 2.24.5-2 -- no debconf information -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
