[Ach] Logjam: Missing Debian Stable "Features"

Axel Hübl axel.huebl at web.de
Thu May 21 12:11:27 CEST 2015


Hi,


Should we actually discourage using Debian stable? ;)

Regarding Logjam, DH recommendations have been in better crypto for a
while. But if we cross-check the default Apache in Debian, only the
April 25th stable release "Jessie" even allows setting the
"SSLOpenSSLConfCmd" command...

I remember a similar scenario last year about available OpenSSH ciphers
and exchanges.

I mean: not backporting such "new features" is actually a security risk
in that context.


Axel

On 21.05.2015 12:01, L. Aaron Kaplan wrote:
> 
> https://bettercrypto.org/blog/2015/05/20/tls-logjam/
> 
> Thanks Pepi, nice testing instructions!
> 
> Great write-up (in German) by Hanno as well: http://www.golem.de/news/logjam-angriff-schwaeche-im-tls-verfahren-gefaehrdet-zehtausende-webseiten-1505-114161.html
> 
> a.
> 
> 
> --- 
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // An initiative of nic.at GmbH - http://www.nic.at/
> // Company register number 172568b, Salzburg Regional Court
> 
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> 
