[Pkg-openssl-devel] Bug#728504: libssl1.0.0: please disable RC4 by default

brian m. carlson sandals at crustytoothpaste.net
Fri Nov 1 23:57:26 UTC 2013


Package: openssl
Version: 1.0.1e-4
Severity: wishlist

RC4 is insecure.  It has significant biases in its output, even if you
drop the beginning of the keystream.  It is considered insecure when
used in WEP, in WPA, in TLS, and as a PRNG.  Nobody should still be
using it, certainly not by default.  Please disable it by default in TLS
negotiations and wherever else a default list of ciphers is provided.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.17-93
ii  libssl1.0.0  1.0.1e-4
ii  zlib1g       1:1.2.8.dfsg-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130906

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
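
Added example, not part of the original report and not OpenSSL or Debian code: a Python audit that finds RC4 suites both in `openssl ciphers -v` style output and in the cipher list the local OpenSSL build enables, and applies the `!RC4` exclusion that the request amounts to. The sample listing is constructed for illustration and the function names are hypothetical.

```python
import ssl

# Constructed sample in the column format printed by `openssl ciphers -v`;
# it was not captured from the reporter's system.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH   Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
"""

def rc4_in_listing(text):
    """Return suite names whose Enc= field is RC4 in `openssl ciphers -v` output."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # Match on the Enc= column rather than the suite name.
        enc = next((f[4:] for f in fields[1:] if f.startswith("Enc=")), "")
        if enc.split("(")[0] == "RC4":
            hits.append(fields[0])
    return hits

def rc4_enabled_locally(cipher_string="DEFAULT"):
    """Return the RC4 suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no usable cipher in this build
    return [c["name"] for c in ctx.get_ciphers() if "RC4" in c["name"]]

def without_rc4(cipher_string):
    """Append !RC4, which removes RC4 suites so later terms cannot re-add them."""
    if "!RC4" in cipher_string.split(":"):
        return cipher_string
    return cipher_string + ":!RC4"

if __name__ == "__main__":
    print("RC4 suites in sample listing:", rc4_in_listing(SAMPLE))
    print("RC4 suites in local DEFAULT: ", rc4_enabled_locally("DEFAULT"))
    print("After exclusion:             ", rc4_enabled_locally(without_rc4("DEFAULT")))
```

An empty result for the local `DEFAULT` list means the installed build already leaves RC4 out of its defaults.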