oss-sec mailing list archives
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones
From: John Haxby <john.haxby () oracle com>
Date: Tue, 4 Mar 2014 11:12:57 +0000
On 4 Mar 2014, at 11:01, Daniel Kahn Gillmor <dkg () fifthhorseman net> wrote:
Here is another situation where konqueror successfully indicates a "secure" connection to a server that has a known-insecure configuration: point konqueror at: https://demo.cmrg.net/ -- you'll see a successful connection, though that server only offers DHE over a trivially-crackable 16-bit group.
I suspect that this problem is fairly wide-ranging. Apple’s Safari also permits the link. Google Chrome doesn’t permit the link though, it just crashes :) jch
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- CVE Request?: konqueror - https uses all ciphers, even weak ones Marcus Meissner (Feb 27)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 03)
- Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Jann Horn (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Felix Eckhofer (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Moritz Naumann (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Hanno Böck (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 04)