oss-sec mailing list archives
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones
From: Moritz Naumann <info () moritz-naumann com>
Date: Tue, 04 Mar 2014 18:42:22 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Felix Eckhofer:
On Ubuntu, both Google Chrome 33.0.1750.146 from the official Google repo as well as Chromium 32.0.1700.107 from Ubuntu's repo crashes when trying to open the demo site and also when trying to open a page with an image embedded such as https://dump.tribut.de/democmrgnet.html
Ubuntu 13.10 x86_64 backtrace (incomplete due to missing net/ssl/ssl_info.cc): http://pastebin.com/JKbGez4n Here's a "test" with various web browsers and operating systems (I do not expect all of these systems to have the latest security updates installed): http://browsershots.org/https://demo.cmrg.net:443/ According to this, Safari 6.1.2 (AppleWebKit 537.74.9) on Mac OS X 10.8 (Mountain Lion), connects without a warning, too: http://browsershots.org/screenshots/ba96ee74531204523d00c6becc1911af Moritz -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJTFh6CXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMEEwRkYzMTUwODdEMEUzQkU0QzVGMkVC RDk2RUNBRDkzNDUwMEIwAAoJEL2W7K2TRQCwrfQP/A1hCDortjSfTgUMBptXJLVi bsc0vc87LDmM4Wq5tJ9JEt5r11aZPNwP9xcL3sXPfrg1WIRhFh2E+utCkXTCsXcP eHP7rJlAjpo1nIO2DI3sjZozkPdiW5d/8clKY37cziQq4PnO6PgWhJwd/sftDWnX edH3ZG2//BYL9ueSy8LXaPjjTQ+WHKNJ+SleFLz57Pc7vGQuc3bgdwRmjoZFQfMc wfBrqau2jnoIDCksHTGzZXaJQSkjtHc/UIsIdr/qYSaL/qUxbu9iDoMsmjqVLIEr 4zlSPZudoddoaR1SEUdQMGRgz+/pN4jLjEz8iK1YufDFyMrYx6kJNoQgCeh0VKe5 vpiU+6H/UTRKnOF6HvNXhe+cikL2aFbax94JCP5NxjFCwlY3/fdn/scN2r73eJih GkXrMqEQdjvYERDm89zjKAm7HG9MHZgTzrbZaG0Txfsd/sxvh30Y0nwcd4TSB1KO P6lumzBi2SYTucJPF5f6dsYiL3yapYDjBa51uxQasDUtUqYtjps+RZjPsBFA7SVn YmSRGxquMXkUsKEa0cDfRGF3CTIx99YOOGKeZXG0RBUU/xkcP9NK602MudSqLvuE PIUWoggf/58CjnF7cJkYg19q7OInmX9uig6EOLV6wE0IyJeoNBwz54X7/gQIjOJU c9bmPcCcqkeRDWFSTJV3 =d0oK -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones, (continued)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 03)
- Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Jann Horn (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Felix Eckhofer (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Moritz Naumann (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Hanno Böck (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 13)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 13)