Bug#728068: iceweasel: please enable TLS 1.2 by default

brian m. carlson sandals at crustytoothpaste.net
Mon Oct 28 02:00:31 UTC 2013 

Package: iceweasel
Version: 25.0~b9-1
Severity: wishlist

By default, Iceweasel enables only TLS 1.0.  TLS 1.2 provides important
security benefits, such as HMAC-SHA256 and GCM ciphersuites (with a new
enough version of NSS).  Iceweasel has support for this, but it is
simply not enabled.  I have set the option in about:config, have been
browsing with it for some time, and have seen zero problems.  All other
modern web browsers enable this by default, and so should Iceweasel.

Please enable TLS 1.2 and the GCM ciphersuites by default.  If you need
to clone a separate bug for the GCM ciphersuites, please do.

-- Package-specific info:

-- Addons package information
ii  iceweasel      25.0~b9-1    amd64        Web browser based on Firefox
ii  totem-mozilla  3.8.2-3      amd64        Totem Mozilla plugin

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils         4.4
ii  fontconfig          2.11.0-1
ii  libc6               2.17-93
ii  libgdk-pixbuf2.0-0  2.28.2-1
ii  libglib2.0-0        2.38.1-1
ii  libgtk2.0-0         2.24.22-1
ii  libnspr4            2:4.10.1-1
ii  libnspr4-0d         2:4.10.1-1
ii  libsqlite3-0        3.8.1-1
ii  libstdc++6          4.8.2-1
ii  procps              1:3.3.8-2
ii  xulrunner-25.0      25.0~b9-1

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  fonts-mathjax          <none>
pn  fonts-oflb-asana-math  <none>
ii  fonts-stix [otf-stix]  1.1.0-1
ii  libgssapi-krb5-2       1.11.3+dfsg-3
pn  mozplugger             <none>
ii  otf-stix               1.1.0-1

Versions of packages xulrunner-25.0 depends on:
ii  libasound2                1.0.27.2-3
ii  libatk1.0-0               2.10.0-2
ii  libbz2-1.0                1.0.6-5
ii  libc6                     2.17-93
ii  libcairo2                 1.12.16-2
ii  libdbus-1-3               1.6.16-1
ii  libdbus-glib-1-2          0.100.2-1
ii  libevent-2.0-5            2.0.21-stable-1
ii  libfontconfig1            2.11.0-1
ii  libfreetype6              2.4.9-1.1
ii  libgcc1                   1:4.8.2-1
ii  libgdk-pixbuf2.0-0        2.28.2-1
ii  libglib2.0-0              2.38.1-1
ii  libgtk2.0-0               2.24.22-1
ii  libhunspell-1.3-0         1.3.2-4
ii  libmozjs25d               25.0~b9-1
ii  libnspr4                  2:4.10.1-1
ii  libnss3                   2:3.15.2-1
ii  libpango-1.0-0            1.36.0-1
ii  libpixman-1-0             0.30.2-1
ii  libsqlite3-0              3.8.1-1
ii  libstartup-notification0  0.12-3
ii  libstdc++6                4.8.2-1
ii  libvpx1                   1.2.0-2
ii  libx11-6                  2:1.6.2-1
ii  libxext6                  2:1.3.2-1
ii  libxrender1               1:0.9.8-1
ii  libxt6                    1:1.1.4-1
ii  zlib1g                    1:1.2.8.dfsg-1

Versions of packages xulrunner-25.0 suggests:
ii  libcanberra0  0.30-2
ii  libgnomeui-0  2.24.5-2

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20131028/2da6288d/attachment.sig>

More information about the pkg-mozilla-maintainers mailing list