Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key

Ben Caradoc-Davies ben at transient.nz
Mon Jun 22 20:02:40 UTC 2015


On 23/06/15 01:27, Daniel Kahn Gillmor wrote:
> If there is some perverse reason that we
> need a public IMAP server using terrible DH parameters, i can probably
> set one up, but i'm not inclined to encourage this sort of situation.

Me neither. Given that the rejection of DH keys below 1023 bits is the 
intended behaviour specified by upstream, and given that we have one 
workaround that users can apply (setting security.ssl3.*dhe* to false) 
and one server fix that admins can apply (using a stronger DH temp key), 
please consider closing this bug as wontfix. This bug report remains as 
Google-fodder to document the cause, workaround, and server fix.

Kind regards,

-- 
Ben Caradoc-Davies <ben at transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
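
The key-size limit discussed in the message above, as an added example that is not part of the original message and is not NSS code: it reads the `ServerDHParams` at the start of a TLS DHE ServerKeyExchange body and compares the bit length of the prime with the 1023-bit minimum. The function names are hypothetical, the sample parameters are constructed (not real primes), and applying the limit to the bit length of `dh_p` is an assumption.

```python
import struct

MIN_DH_BITS = 1023  # minimum quoted in the message above


def read_vec16(buf, off):
    """Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n


def dh_prime_bits(ske_body):
    """Bit length of dh_p; ske_body starts with dh_p, dh_g, dh_Ys vectors."""
    p, off = read_vec16(ske_body, 0)
    _g, off = read_vec16(ske_body, off)
    _ys, off = read_vec16(ske_body, off)  # a signature may follow; ignored
    # Leading zero bytes do not count towards the size of the prime.
    return int.from_bytes(p, "big").bit_length()


def client_accepts(ske_body, min_bits=MIN_DH_BITS):
    """True when the server's temporary DH key meets the minimum size."""
    return dh_prime_bits(ske_body) >= min_bits


def build_sample(p_bits, pad=0):
    """Constructed ServerDHParams with a p_bits-wide odd number as dh_p."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    p = b"\x00" * pad + p
    fields = (p, b"\x02", b"\x01" * len(p))
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


if __name__ == "__main__":
    for bits in (768, 1023, 1024, 2048):
        body = build_sample(bits)
        verdict = "accept" if client_accepts(body) else "reject"
        print(f"dh_p {dh_prime_bits(body)} bits: {verdict}")
```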


