[Ach] Logjam: Missing Debian Stable "Features"
adi at kriegisch.at
Thu May 21 12:21:55 CEST 2015
> Should we actually discourage using Debian stable? ;)
I actually thought about that myself and use nginx from backports
whereever I can (which includes proxying apache on localhost
This gives all the nice features bettercrypto suggests.
> Regarding logjam, DH recommendations have been in better crypto for a
> while. But if we cross-check the default apache in debian, only the
> April, 25th stable release "Jessie" even allows setting the
> "SSLOpenSSLConfCmd" command...
Correct. Therefor I filed this bug:
> I remember a similar scenario last year about available openssh ciphers
> and exchanges.
use openssh from backports... even supports ed25519.
What is still missing in backports.d.o is an exim that is linked against a
more recent (available in backports) gnutls. The same applys to openldap &
> I mean: not backporting such "new features" is actually a security risk
> in that context.
Yes. But backporting leaves the risk of doing it wrong or missing bits or
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 827 bytes
Desc: Digital signature
More information about the Ach