Bug#787505: also affects browsers

Christophe Deleuze christophe.deleuze at free.fr
Fri Jun 12 08:32:59 UTC 2015


Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
> which web sites are you visiting that do FFDHE with weak groups?  It is

The authentication portal for my university intranet (!)

> a good thing that the browser does not treat these connections as secure
> connections.

Indeed.  But then there's no obvious way to access the site if really
needed.

Possible work-arounds:
 - downgrading to 3.19,
 - setting about:config security.ssl3.*.dhe* to false as suggested by Ben
   Caradoc-Davies above.

Both do work.

Maybe a word on the issue and possible work-arounds should appear in
README.Debian.  Also, it could be nice to display a warning about that
when upgrading from 3.19 since it's probably not obvious to
everybody to go look at libnss3 if the browser or mailer fails.

(assuming that complies with the policy about displaying such warnings,
which I don't know).

--
Christophe Deleuze



More information about the pkg-mozilla-maintainers mailing list