nanog mailing list archives
Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers
From: Matt Palmer <mpalmer () hezmatt org>
Date: Sat, 18 Jul 2015 12:45:34 +1000
On Fri, Jul 17, 2015 at 07:14:17PM +0000, Michael O Holstein wrote:
making 99% of the web secure is better than keeping an old 1% workingA fine idea, unless for $reason your application is among the 1% .. nevermind the arrogance of the "I'm sorry Dave" sort of attitude.
First they came for SSLv2, and I said nothing because...
As an example .. we have a vendor who, in the current release (last 3 months) still requires "weak" ciphers in authentication responses. That was mostly okay until another vendor (with more sense) wanted to auth the same way but only permitted strong ciphers.
So get up your vendors to update their stuff, and *preferably* before a super-critical hole is found in protocols that should have ideally died a natural death years ago. TLS 1.2, AES, and SHA-256 aren't exactly "OMFG new!" at this stage of the game. Also, take this as a learning experience: next time, make sure RFPs and contracts include an undertaking to maintain compatibility with reasonably recent standards, and financial penalties for the vendor if their failure to do so results in operational problems for you. - Matt -- aren't they getting rarer than amigas now? just without all that fuzzy "good times" nostalgia? -- Ron Lee, in #debian-devel, on Itanic
Current thread:
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers, (continued)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Alexander Maassen (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Robert Drake (Jul 17)
- RE: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Matthew Huff (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Alexander Bochmann (Jul 19)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Jeff Gehlbach (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Alexander Maassen (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Geoffrey Keating (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Michael O Holstein (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Niels Bakker (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Michael O Holstein (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Alexander Maassen (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Matt Palmer (Jul 17)
- Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers tqr2813d376cjozqap1l (Jul 17)
- Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers George Metz (Jul 18)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Matt Palmer (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Michael O Holstein (Jul 17)
- Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Will M. (Jul 19)
- Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers tqr2813d376cjozqap1l (Jul 19)
- RE: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers Drew Weaver (Jul 20)