Re: fedora28 and strong crypto settings

2018-02-27 Thread Nikos Mavrogiannopoulos
On Mon, 2018-02-26 at 10:26 -0600, mcatanz...@gnome.org wrote: > On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos > wrote: > > regarding the strong crypto change in Fedora28 [0], we have > > identified > > few (usually internal) sites which break under firefox or other >

Re: fedora28 and strong crypto settings

2018-02-26 Thread Randy Barlow
On 02/26/2018 06:02 PM, Randy Barlow wrote: > Does Firefox use the system wide crypto policy? I adjusted > /etc/crypto-policies/config to be set to LEGACY and ran > update-crypto-policies, but Firefox still won't let me access southwest.com: > > An error occurred during a connection to

Re: fedora28 and strong crypto settings

2018-02-26 Thread Randy Barlow
Does Firefox use the system wide crypto policy? I adjusted /etc/crypto-policies/config to be set to LEGACY and ran update-crypto-policies, but Firefox still won't let me access southwest.com: An error occurred during a connection to southwest.com. SSL received a weak ephemeral Diffie-Hellman key

Re: fedora28 and strong crypto settings

2018-02-26 Thread Przemek Klosowski
On 02/26/2018 11:26 AM, mcatanz...@gnome.org wrote: On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos wrote: regarding the strong crypto change in Fedora28 [0], we have identified few (usually internal) sites which break under firefox or other tools. The main reason for

Re: fedora28 and strong crypto settings

2018-02-26 Thread mcatanzaro
On Mon, Feb 26, 2018 at 10:26 AM, mcatanz...@gnome.org wrote: Alternatively, if you want to strengthen the system crypto policy, then it should not apply to web browsers at all. Or web browsers should automatically use the weak policy. (We'd need the weak policy in glib-networking, too.)

Re: fedora28 and strong crypto settings

2018-02-26 Thread Jared K. Smith
On Mon, Feb 26, 2018 at 10:37 AM, Nikos Mavrogiannopoulos wrote: > I believe however that we should gather as many data as we can related > to this security update in Fedora28, and decide after F28 beta is > released on whether to back this change off, or to ignore this >

Re: fedora28 and strong crypto settings

2018-02-26 Thread mcatanzaro
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos wrote: regarding the strong crypto change in Fedora28 [0], we have identified few (usually internal) sites which break under firefox or other tools. The main reason for this breakage is that these sites only support

Re: fedora28 and strong crypto settings

2018-02-26 Thread Vít Ondruch
I was bitten by this. To workaround the issues in FF and TB, it might help to change all the "dfe" options in about:config to False, which might break other sites, but it helped me to access my email again. Vít Dne 26.2.2018 v 16:37 Nikos Mavrogiannopoulos napsal(a): > Hi, > regarding the

fedora28 and strong crypto settings

2018-02-26 Thread Nikos Mavrogiannopoulos
Hi, regarding the strong crypto change in Fedora28 [0], we have identified few (usually internal) sites which break under firefox or other tools. The main reason for this breakage is that these sites only support Diffie-Hellman with 1024-bit parameters which are considered too weak by this