Re: Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Yves-Alexis Perez
On Thu, 2014-10-16 at 10:28 -0500, Marco Galicia wrote: > *shouldn't iceweasel be recompiled to include this option in the > compilation settings??* You're not asking at the correct place, it's a bit unlikely the maintainer reads that list. But in any case, Mozilla themselves intend to disable S

Re: Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Pedro Worcel
Sorry about the double email, this is the original source for Mozilla https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ 2014-10-17 9:12 GMT+13:00 Pedro Worcel: > Just something related I happened to stumble across: > > http://www.bit-tech.net/news/bits/2014/

Re: Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Pedro Worcel
Just something related I happened to stumble across: http://www.bit-tech.net/news/bits/2014/10/15/google-mozilla-sslv3/1

Re: Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Brad Cable
I would like to point out what security.tls.version.min actually does: http://kb.mozillazine.org/Security.tls.version.* Setting security.tls.version.min to 1 allows TLSv1.0 to be used, which is vulnerable to a similar padding oracle attack (and timing oracle attacks) found long ago. You shoul

Iceweasel and web browsers vulnerability concerning poodle.

2014-10-16 Thread Marco Galicia
Hi, As I know, a new vulnerability called poodle has been discovered regarding https. This vulnerability takes advantage of the ssl 3.0, and forces the https protocol to use this outdated protocol. I have been told that a fix for this vulnerability is to disable the use of this protocol in the web

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-10-16 Thread Hans-Christoph Steiner
René Mayrhofer wrote: > On 2014-09-25 06:24, Hans-Christoph Steiner wrote: >> >> W. Martin Borgert wrote: >>> On 2014-09-24 23:05, Hans-Christoph Steiner wrote: * the signature files sign the package contents, not the hash of whole .deb file (i.e. control.tar.gz and data.tar.gz). >>>