Bug#766007: iceweasel: SSL error - cannot connect to certain servers
Norbert Preining
preining at logic.at
Sun Oct 26 23:34:32 UTC 2014
Hi everyone,
thanks for the comments.
> Apparently there are various appropriate offline tools, try
> something from here:- ??
> https://github.com/ssllabs/research/wiki/Assessment-Tools
Done so, I used cipherscan
> [or, alternatively, arrange a temporary port-443 forward through
> to the server one way or another... I've done this to test IMAP
> servers etc...], so ssllabs can talk to that.
Umpf, I prefer not to do that as I probably will get into
deep **** from my workplace doing this :-(
On Fri, 24 Oct 2014, Daniel Kahn Gillmor wrote:
> yes, certainly, though i would suggest "nudge" rather than "kick" --
Yeah, that was not meant physically, I know when I have to
be very nice ;-)
> It's possible that this is an extension-intolerant SSLv3 server, which
> would mean that it only works when no extensions were set at all.
So What I got from cipherscan is the following:
prio ciphersuite protocols pfs_keysize
1 RC4-SHA SSLv3
2 RC4-MD5 SSLv2,SSLv3
3 EDH-RSA-DES-CBC3-SHA SSLv3 DH,1024bits
4 DES-CBC3-SHA SSLv3
5 EDH-RSA-DES-CBC-SHA SSLv3 DH,1024bits
6 DES-CBC-SHA SSLv3
7 EXP-DES-CBC-SHA SSLv3 RSA,512bits
8 EXP-RC4-MD5 SSLv2,SSLv3 RSA,512bits
Does this tell you masters anything? It seems that it is SSLv3 only
considering SSLv2 as even worse?
Norbert
------------------------------------------------------------------------
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
------------------------------------------------------------------------
More information about the pkg-mozilla-maintainers
mailing list