Bug#787505: also affects browsers

2015-06-12 Thread Christophe Deleuze
Daniel Kahn Gillmor wrote:
> 
> which web sites are you visiting that do FFDHE with weak groups?  It is

The authentication portal for my university intranet (!)

> a good thing that the browser does not treat these connections as secure
> connections.

Indeed.  But then there's no obvious way to access the site if really
needed.

Possible work-arounds:
 - downgrading to 3.19,
 - setting about:config security.ssl3.*.dhe* to false as suggested by Ben
   Caradoc-Davies above.

Both do work.

Maybe a word on the issue and possible work-arounds should appear in
README.Debian.  Also, it could be nice to display a warning about that
when upgrading from 3.19 since it's probably not obvious to
everybody to go look at libnss3 if the browser or mailer fails.

(assuming that complies with the policy about displaying such warnings,
which I don't know).

--
Christophe Deleuze


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#787505: also affects browsers

2015-06-09 Thread Daniel Kahn Gillmor
On Tue 2015-06-09 04:28:20 -0400, Christophe Deleuze wrote:
> Just to note that this also affects browsers (experienced with conkeror
> and iceweasel).

which web sites are you visiting that do FFDHE with weak groups?  It is
a good thing that the browser does not treat these connections as secure
connections.

--dkg





Bug#787505: also affects browsers

2015-06-09 Thread Christophe Deleuze
Just to note that this also affects browsers (experienced with conkeror
and iceweasel).

--
Christophe Deleuze

