Bug#722047: iceweasel: technical details of encryption are insufficient

brian m. carlson sandals at crustytoothpaste.net
Sat Sep 7 00:38:54 UTC 2013


Package: iceweasel
Version: 24.0~b7-1
Severity: wishlist

The details provided in the Technical Details section of the security
dialog are not very helpful.  Yes, they tell me that
bugzilla.mozilla.org is using 256-bit AES, but they don't tell me what
version of TLS is being used (are we using TLS 1.0 with the CBC bug),
the key exchange method (is perfect forward secrecy being used?),
whether CBC or GCM is being used (hopefully the latter), or any other
information about the cipher suite.  I can surmise the signature
algorithm from the certificate provided.  All of this information is
important as technical details, since all of it impacts security.  To my
knowledge, there is no way to acquire this on the client side.

Chromium provides the full cipher suite, although not the TLS version
(last I checked).  Please provide all of this information in the dialog,
or at least provide the user some way to see it.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils         4.4
ii  fontconfig          2.10.2-2
ii  libc6               2.17-92+b1
ii  libgdk-pixbuf2.0-0  2.28.2-1
ii  libglib2.0-0        2.36.4-1
ii  libgtk2.0-0         2.24.20-1
ii  libnspr4            2:4.10-1
ii  libnspr4-0d         2:4.10-1
ii  libsqlite3-0        3.8.0.1-1
ii  libstdc++6          4.8.1-10
ii  procps              1:3.3.8-2
ii  xulrunner-24.0      24.0~b7-1

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  fonts-stix [otf-stix]  1.1.0-1
ii  libgssapi-krb5-2       1.11.3+dfsg-3
pn  mozplugger             <none>
ii  otf-stix               1.1.0-1

Versions of packages xulrunner-24.0 depends on:
ii  libasound2                1.0.27.2-1
ii  libatk1.0-0               2.8.0-2
ii  libbz2-1.0                1.0.6-5
ii  libc6                     2.17-92+b1
ii  libcairo2                 1.12.14-5
ii  libdbus-1-3               1.6.14-1
ii  libdbus-glib-1-2          0.100.2-1
ii  libevent-2.0-5            2.0.21-stable-1
ii  libfontconfig1            2.10.2-2
ii  libfreetype6              2.4.9-1.1
ii  libgcc1                   1:4.8.1-10
ii  libgdk-pixbuf2.0-0        2.28.2-1
ii  libglib2.0-0              2.36.4-1
ii  libgtk2.0-0               2.24.20-1
ii  libhunspell-1.3-0         1.3.2-4
ii  libmozjs24d               24.0~b7-1
ii  libnspr4                  2:4.10-1
ii  libnss3                   2:3.15.1-1
ii  libpango-1.0-0            1.32.5-5+b1
ii  libpixman-1-0             0.30.2-1
ii  libsqlite3-0              3.8.0.1-1
ii  libstartup-notification0  0.12-3
ii  libstdc++6                4.8.1-10
ii  libvpx1                   1.2.0-2
ii  libx11-6                  2:1.6.1-1
ii  libxext6                  2:1.3.2-1
ii  libxrender1               1:0.9.8-1
ii  libxt6                    1:1.1.4-1
ii  zlib1g                    1:1.2.8.dfsg-1

Versions of packages xulrunner-24.0 suggests:
ii  libcanberra0  0.30-2
ii  libgnomeui-0  2.24.5-2

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
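
The details the report asks for (protocol version, key exchange, forward secrecy, CBC versus GCM) can all be read off a negotiated protocol version and IANA cipher suite name. The following is an added example, not part of the original message and not iceweasel code; the function name `describe`, the "TLS 1.0"-style version labels and the sample inputs are assumptions constructed for illustration.

```python
import re

# IANA TLS 1.0-1.2 suite names look like TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>.
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+)_WITH_(?P<cipher>.+)_(?P<hash>[A-Z0-9]+)$")

def describe(version, suite):
    """Split a negotiated (version, suite) pair into the fields the report lists."""
    m = SUITE_RE.match(suite)
    if not m:
        raise ValueError("not a TLS_*_WITH_* suite name: %r" % suite)
    kx_parts = m.group("kx").split("_")
    key_exchange = kx_parts[0]                     # RSA, DH, DHE, ECDH, ECDHE
    # TLS_RSA_WITH_* names the key exchange and the authentication only once.
    authentication = kx_parts[1] if len(kx_parts) > 1 else kx_parts[0]
    cipher_parts = m.group("cipher").split("_")
    mode = next((p for p in cipher_parts if p in ("CBC", "GCM")), None)
    bits = next((int(p) for p in cipher_parts if p.isdigit()), None)
    # Only ephemeral (EC)DH key exchange gives forward secrecy.
    forward_secrecy = key_exchange in ("DHE", "ECDHE")
    warnings = []
    if version == "TLS 1.0" and mode == "CBC":
        warnings.append("CBC cipher suite negotiated under TLS 1.0")
    if not forward_secrecy:
        warnings.append("no forward secrecy (%s key exchange)" % key_exchange)
    return {
        "version": version,
        "key_exchange": key_exchange,
        "authentication": authentication,
        "forward_secrecy": forward_secrecy,
        "cipher": cipher_parts[0],
        "bits": bits,
        "mode": mode,
        # MAC hash for CBC suites, PRF hash for GCM suites.
        "hash": m.group("hash"),
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Constructed sample inputs, not captured from any real connection.
    samples = [
        ("TLS 1.0", "TLS_RSA_WITH_AES_256_CBC_SHA"),
        ("TLS 1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ]
    for version, suite in samples:
        for field, value in describe(version, suite).items():
            print("%-16s %s" % (field, value))
        print()
```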