Bug#801985: Disable support for 1024-bit Diffie-Hellman?
Matt Kraai
kraai at ftbfs.org
Fri Oct 16 15:12:03 UTC 2015
Package: iceweasel
Version: 38.3.0esr-1
Hi,
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
indicates that the NSA may have compromised 1024-bit Diffie-Hellman.
https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
discusses how browsers can be tested to determine whether they support
1024-bit Diffie-Hellman and, if so, how it can be disabled. Visiting
the site referenced in the latter article, https://www.howsmyssl.com/,
indicates that iceweasel does support 1024-bit Diffie-Hellman. Should
it be disabled by default?
--
Matt https://ftbfs.org/~kraai/
More information about the pkg-mozilla-maintainers
mailing list