Bug#774195: marked as done (libnss3: libpkix incorrect prefers older, weaker certs over stronger, newer certs)
Andrew Ayer
agwa at andrewayer.name
Tue Jun 2 19:12:28 UTC 2015
On Mon, 1 Jun 2015 16:46:35 +0900
Mike Hommey <mh at glandium.org> wrote:
> > It's up to Mike whether to fix that in the upcoming point release.
> > We're not planning a DSA for this issue alone, but it can be fixed
> > along when upstream releases changes to address the weakdh issue.
>
> ... which, afaik, is in 3.19.1 released a few days ago (and now in
> unstable).
Indeed it is, according to the release notes [1]:
"The minimum strength of keys that libssl will accept for
finite field algorithms (RSA, Diffie-Hellman, and DSA) have been
increased to 1023 bits (bug 1138554)."
A DSA fixing the weakdh and chain building issues would be great!
Cheers,
Andrew
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
More information about the pkg-mozilla-maintainers
mailing list