Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jun 22 13:27:48 UTC 2015


On Mon 2015-06-22 01:52:32 -0400, Ben Caradoc-Davies wrote:
> On 21/06/15 11:33, Ben Caradoc-Davies wrote:
>> The best solution is still for all servers to use strong keys (world
>> peace, anyone?).
>
> My IMAPS service provider just responded to my request and upgraded to a 
> strong DH temp key. Perhaps world peace is still possible!  :-)

Three cheers for world peace! This sort of change is exactly the change
that we want to see happen :)

> $ openssl s_client -connect ub007lcs04.cbr.the-server.net.au:993
> [...]
> Server Temp Key: DH, 2048 bits
> [...]
>
> This also means that I no longer have a weak temp key to test against.

I consider that a good thing :) If there is some perverse reason that we
need a public IMAP server using terrible DH parameters, i can probably
set one up, but i'm not inclined to encourage this sort of situation.

Mike, let me know if you want such a beast to test things against.

  --dkg

