Bug#728068: iceweasel: please enable TLS 1.2 by default
brian m. carlson
sandals at crustytoothpaste.net
Mon Oct 28 02:00:31 UTC 2013
Package: iceweasel
Version: 25.0~b9-1
Severity: wishlist
By default, Iceweasel enables only TLS 1.0. TLS 1.2 provides important
security benefits, such as HMAC-SHA256 and GCM ciphersuites (with a new
enough version of NSS). Iceweasel has support for this, but it is
simply not enabled. I have set the option in about:config, have been
browsing with it for some time, and have seen zero problems. All other
modern web browsers enable this by default, and so should Iceweasel.
Please enable TLS 1.2 and the GCM ciphersuites by default. If you need
to clone a separate bug for the GCM ciphersuites, please do.
-- Package-specific info:
-- Addons package information
ii iceweasel 25.0~b9-1 amd64 Web browser based on Firefox
ii totem-mozilla 3.8.2-3 amd64 Totem Mozilla plugin
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.4
ii fontconfig 2.11.0-1
ii libc6 2.17-93
ii libgdk-pixbuf2.0-0 2.28.2-1
ii libglib2.0-0 2.38.1-1
ii libgtk2.0-0 2.24.22-1
ii libnspr4 2:4.10.1-1
ii libnspr4-0d 2:4.10.1-1
ii libsqlite3-0 3.8.1-1
ii libstdc++6 4.8.2-1
ii procps 1:3.3.8-2
ii xulrunner-25.0 25.0~b9-1
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
pn fonts-mathjax <none>
pn fonts-oflb-asana-math <none>
ii fonts-stix [otf-stix] 1.1.0-1
ii libgssapi-krb5-2 1.11.3+dfsg-3
pn mozplugger <none>
ii otf-stix 1.1.0-1
Versions of packages xulrunner-25.0 depends on:
ii libasound2 1.0.27.2-3
ii libatk1.0-0 2.10.0-2
ii libbz2-1.0 1.0.6-5
ii libc6 2.17-93
ii libcairo2 1.12.16-2
ii libdbus-1-3 1.6.16-1
ii libdbus-glib-1-2 0.100.2-1
ii libevent-2.0-5 2.0.21-stable-1
ii libfontconfig1 2.11.0-1
ii libfreetype6 2.4.9-1.1
ii libgcc1 1:4.8.2-1
ii libgdk-pixbuf2.0-0 2.28.2-1
ii libglib2.0-0 2.38.1-1
ii libgtk2.0-0 2.24.22-1
ii libhunspell-1.3-0 1.3.2-4
ii libmozjs25d 25.0~b9-1
ii libnspr4 2:4.10.1-1
ii libnss3 2:3.15.2-1
ii libpango-1.0-0 1.36.0-1
ii libpixman-1-0 0.30.2-1
ii libsqlite3-0 3.8.1-1
ii libstartup-notification0 0.12-3
ii libstdc++6 4.8.2-1
ii libvpx1 1.2.0-2
ii libx11-6 2:1.6.2-1
ii libxext6 2:1.3.2-1
ii libxrender1 1:0.9.8-1
ii libxt6 1:1.1.4-1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages xulrunner-25.0 suggests:
ii libcanberra0 0.30-2
ii libgnomeui-0 2.24.5-2
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20131028/2da6288d/attachment.sig>
More information about the pkg-mozilla-maintainers
mailing list