Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key

Mike Hommey mh at glandium.org
Sat Jun 20 21:48:35 UTC 2015


On Tue, Jun 02, 2015 at 10:45:25PM +1200, Ben Caradoc-Davies wrote:
> Package: libnss3
> Version: 2:3.19-1
> Severity: normal
> 
> Dear Maintainer,
> 
> since upgrade to NSS 3.19.1, icedove refuses to connect to an IMAPS server with
> a "Server Temp Key: DH, 768 bits". Workaround is to downgrade to NSS 3.19 or
> change icedove connection to unencrypted IMAP.
> 
> To protect against logjam attacks, NSS 3.19.1 refuses to connect to servers
> with a finite field algorithm key strength less than 1023 bits:
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
> 
> This behaviour breaks icedove on Debian clients that need to connect to IMAPS
> servers with weak server temp keys. Note that these are clients which have no
> control over configuration of remote servers. Workaround is to downgrade to NSS
> 3.19 or change icedove connection to unencrypted IMAP.

Can you check with 3.19.2-1?

Mike
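
The size check described in the quoted report, as an added example that is not part of the original thread and is not NSS code: it reads the DH prime from a TLS ServerKeyExchange handshake message (RFC 5246 `ServerDHParams`) and compares its bit length with the 1023-bit minimum quoted above. It assumes a DHE cipher suite was negotiated and that strength means the bit length of `dh_p`; the function names and sample primes are constructed for illustration.

```python
import struct

MIN_DH_BITS = 1023  # minimum quoted in the report above for NSS 3.19.1

def _read_vec(buf, off):
    """Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("truncated or empty vector")
    return buf[off + 2:end], end

def dh_prime_bits(handshake):
    """Bit length of dh_p in a DHE ServerKeyExchange handshake message."""
    if len(handshake) < 4 or handshake[0] != 12:  # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec(body, 0)      # dh_p
    _g, off = _read_vec(body, off)   # dh_g
    _ys, off = _read_vec(body, off)  # dh_Ys (a signature may follow; ignored)
    # Use the integer's bit length so leading zero bytes do not inflate the size.
    return int.from_bytes(p, "big").bit_length()

def accepted(handshake, min_bits=MIN_DH_BITS):
    """True if the server's DH prime meets the minimum size."""
    return dh_prime_bits(handshake) >= min_bits

def build_ske(p_bytes):
    """Constructed sample message: ServerDHParams with g=2 and a dummy Ys."""
    ys = b"\x01" * len(p_bytes)
    body = b"".join(struct.pack(">H", len(v)) + v for v in (p_bytes, b"\x02", ys))
    return b"\x0c" + len(body).to_bytes(3, "big") + body

# Constructed values (not real primes): only the size matters for this check.
P768 = b"\x80" + b"\x00" * 94 + b"\x01"
P1024 = b"\x80" + b"\x00" * 126 + b"\x01"
P768_PADDED = b"\x00" * 32 + P768  # 128 bytes on the wire, still 768 bits

if __name__ == "__main__":
    for name, p in (("768", P768), ("1024", P1024), ("768 padded", P768_PADDED)):
        msg = build_ske(p)
        print(name, dh_prime_bits(msg), "accept" if accepted(msg) else "reject")
```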


