Accueil » Forum » Trisquel users
Soumis par Mangy Dog le sam, 12/05/2015 - 08:59

Security : Abrowser & Icecat SSL Check & Insecure Cipher Suite Test

2 réponses [Dernière contribution]
sam, 12/05/2015 - 08:59
Mangy Dog
Mangy Dog

I am a member!

I am a translator!

Hors ligne
A rejoint: 03/15/2015

I'm runnning Icedove version 31.5.0 on GnewSense Ucclia
the result of How's my SSL & Cipher suite is bad
insecure cipher suites make it easy for attackers to decrypt data on tapped lines, or make it easy for the attacker to pretend to be the website, stealing secrets directly from the client. Cipher suites are found here for one of many reasons. Insecure cipher suites are only a problem if the server also supports it. Of course, some of these suites don't require the server to prove that they can serve the traffic for the site they claim to, making them easy to man-in-the-middle

May Abrowser & IceCat users test:
https://www.howsmyssl.com/
https://blog.dbrgn.ch/2014/1/8/improving_firefox_ssl_tls_security/

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
sam, 12/05/2015 - 09:24
#1
lembas
lembas
Hors ligne
A rejoint: 05/13/2010

Shouldn't you be posting this to gnewsense? For me (still on tris 6) it says all is fine. My profile is heavily modified but also a virgin abrowser profile gets all good results.

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
sam, 12/05/2015 - 10:52
#2
Mangy Dog
Mangy Dog

I am a member!

I am a translator!

Hors ligne
A rejoint: 03/15/2015

Yes I have notified GnewSense,
Actually the latest Icedove is version 38.4.01 of which am about to install.

Glad to know Abrowser gets good results ;-)

The issue is not the Version 3 of SSL
about:config security.ssl3.rsa_fips_des_ede3_sha
is disabled by default

But several Insecure Cipher Suites

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines