On 01/29/2011 01:12 PM, Christoph Anton Mitterer wrote:
> On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
>> This has to be balanced between compatibility and security. Currently
>> less than 50% of the servers on the internet are patched. So it is
>> sensible to not deny renegotiation f
On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
> This has to be balanced between compatibility and security. Currently
> less than 50% of the servers on the internet are patched. So it is
> sensible to not deny renegotiation for unpatched servers.
>
> Patched servers usually won't all
On Saturday 29 January 2011, Christoph Anton Mitterer wrote:
> It seems that iceweasel still is vulnerable to the SSL
> renegotiation attack, as it simply is configured per default to allow
> the vulnerable renegotiation:
This has to be balanced between compatibility and security. Currently
less tha
Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems that iceweasel still is vulnerable to the SSL renegotiation attack,
as it simply is configured per default to allow the vulnerable renegotiation:
security.ssl.require_safe_negotiation;