Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-22 Thread Louis van Belle
>With TLS it should be no problem to have those weak ciphers in the list

I don't agree with this.. Due to weak crypters available and programs ( for example postfix ) offering them over TLS also cause problems. Google for : postfix SSL_accept error from for example.. This is mainly due

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-22 Thread Kurt Roeckx
On Sun, Feb 22, 2015 at 01:49:16AM +0100, Florian Schlichting wrote: > On Fri, Feb 20, 2015 at 10:50:20PM +0100, Kurt Roeckx wrote: > > On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote: > > > | RC4 3880.5871 > > > | RC4 Only 3712

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-21 Thread Florian Schlichting
On Fri, Feb 20, 2015 at 10:50:20PM +0100, Kurt Roeckx wrote: > On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote: > > | RC4 3880.5871 > > | RC4 Only 3712 0.7918 > > | RC4 Preferred 64613 13.7832 > > | RC4 forced i

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-20 Thread Kurt Roeckx
On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote: > On Fri, Feb 20, 2015 at 06:25:44PM +0100, Kurt Roeckx wrote: > > On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote: > > > What servers, and what clients are we talking about here? > > > > You might want to loo

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-20 Thread Florian Schlichting
On Fri, Feb 20, 2015 at 06:25:44PM +0100, Kurt Roeckx wrote: > On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote: > > What servers, and what clients are we talking about here? > > You might want to look at those stats: > https://lists.fedoraproject.org/pipermail/security/2015-Feb

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-20 Thread Kurt Roeckx
On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote: > Hi Kurt, > > > > To protect our users and comply with adopted Internet standards, openssl > > > in Debian should no longer include RC4 ciphers in the DEFAULT list of > > > ciphers, neither in Jessie nor supported stable / oldst

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-20 Thread Florian Schlichting
Hi Kurt, > > To protect our users and comply with adopted Internet standards, openssl > > in Debian should no longer include RC4 ciphers in the DEFAULT list of > > ciphers, neither in Jessie nor supported stable / oldstable releases. > > I fully support that RFC. However I don't think it's a goo

Bug#778747: [Pkg-openssl-devel] Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

2015-02-19 Thread Kurt Roeckx
On Thu, Feb 19, 2015 at 10:38:14AM +0100, Florian Schlichting wrote: > Package: openssl > Version: 1.0.1e-2+deb7u14 > Severity: serious > Tags: security > > Newly released RFC 7465 [0] describes RC4 as being "on the verge of > becoming practically exploitable" and consequently mandates that both >