[Pkg-chromium-maint] Bug#765928: chromium-browser: Please disable SSLv3
dom at earth.li
Sun Oct 19 10:14:57 UTC 2014
The well-publicised POODLE vulnerability in SSLv3 has led to general
recommendations that SSLv3 should be disabled at both the server and
In order to disable SSLv3 in Chromium, one currently has to invoke it
with --ssl-version-min=tls1 which is not very user-friendly. I think
that disabling this by default in a DSA update is appropriate here.
This change has already been made in Iceweasel as of 31.2.0esr-2~deb7u1.
-- System Information:
Debian Release: 7.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages chromium-browser depends on:
ii chromium 37.0.2062.120-1~deb7u1
chromium-browser recommends no packages.
chromium-browser suggests no packages.
-- no debconf information
-- debsums errors found:
dpkg-query: warning: parsing file '/var/lib/dpkg/status' near line 69365 package 'funny-manpages':
dpkg-divert: warning: parsing file '/var/lib/dpkg/status' near line 69365 package 'funny-manpages':
More information about the Pkg-chromium-maint