On Mon, 2018-02-26 at 10:26 -0600, mcatanz...@gnome.org wrote:
> On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
> wrote:
> > regarding the strong crypto change in Fedora28 [0], we have
> > identified
> > few (usually internal) sites which break under firefox or other
> > tools.
> > The
On 02/26/2018 06:02 PM, Randy Barlow wrote:
> Does Firefox use the system wide crypto policy? I adjusted
> /etc/crypto-policies/config to be set to LEGACY and ran
> update-crypto-policies, but Firefox still won't let me access southwest.com:
>
> An error occurred during a connection to southwest.c
Does Firefox use the system wide crypto policy? I adjusted
/etc/crypto-policies/config to be set to LEGACY and ran
update-crypto-policies, but Firefox still won't let me access southwest.com:
An error occurred during a connection to southwest.com. SSL received a
weak ephemeral Diffie-Hellman key i
On 02/26/2018 11:26 AM, mcatanz...@gnome.org wrote:
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
wrote:
regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is
On Mon, Feb 26, 2018 at 10:26 AM, mcatanz...@gnome.org wrote:
Alternatively, if you want to strengthen the system crypto policy,
then it should not apply to web browsers at all. Or web browsers
should automatically use the weak policy. (We'd need the weak policy
in glib-networking, too.)
Read
On Mon, Feb 26, 2018 at 10:37 AM, Nikos Mavrogiannopoulos
wrote:
> I believe however that we should gather as many data as we can related
> to this security update in Fedora28, and decide after F28 beta is
> released on whether to back this change off, or to ignore this
> breakage. Any data gathe
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
wrote:
regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 102
I was bitten by this. To workaround the issues in FF and TB, it might
help to change all the "dfe" options in about:config to False, which
might break other sites, but it helped me to access my email again.
Vít
Dne 26.2.2018 v 16:37 Nikos Mavrogiannopoulos napsal(a):
> Hi,
> regarding the str
Hi,
regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.
