Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key

Ben Caradoc-Davies ben at transient.nz
Sun Jun 7 22:38:54 UTC 2015


My current workaround is to disable DHE forward security in icedove 
about:config by setting security.ssl3.*.dhe* to false. (I also set 
security.ssl3.rsa* to false except security.ssl3.rsa_aes_256_sha which 
should be the strongest survivor.) With DHE disabled, I am able to 
connect to the server over IMAPS with libnss3 3.19.1-2 as the weak DH 
temp key is not used.

Kind regards,

-- 
Ben Caradoc-Davies <ben at transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand



More information about the pkg-mozilla-maintainers mailing list