Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

logjam related disabling of two more DH ciphers #18

Merged
merged 2 commits into from
May 21, 2015

Conversation

graste
Copy link
Contributor

@graste graste commented May 21, 2015

See "The logjam attack" – https://weakdh.org/. The two ciphers are enabled at the moment in user.js but are susceptible to the logjam attack and thus should be disabled as well.

@graste
Copy link
Contributor Author

graste commented May 21, 2015

Hm, now that I scroll through the README these two entries are no longer valid with the acceptance of this PR, aren't they?

    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
    Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)

Should I make a second commit and remove them from the README file?

@pyllyukko
Copy link
Owner

Indeed we could mitigate against LogJam with this.

I'm afraid many sites will break if we disable these two. Have you tried whether you're able to browse freely with these disabled?

I'll switch them off myself and check back whether it causes too much issues.

@pyllyukko
Copy link
Owner

Should I make a second commit and remove them from the README file?

And yes, the README should be updated also. Second commit should do the trick.

@graste
Copy link
Contributor Author

graste commented May 21, 2015

You're right. I didn't try it. Will change the README though in case no problems appear and the PR might be acceptable…

@pyllyukko
Copy link
Owner

Please test with your browser also and tell us if there's any issues? Thanks.

@graste
Copy link
Contributor Author

graste commented May 21, 2015

Will do, but it's not my everyday browser at the moment. :-)

@pyllyukko
Copy link
Owner

With (very) quick testing, no sites found... will continue.

@pyllyukko
Copy link
Owner

Ok. I'll merge this. If there's some problems, we'll just revert it. It's a shame, as these ciphers have the forward secrecy property. I think we should re-enable them at some point when the dust settles.

pyllyukko added a commit that referenced this pull request May 21, 2015
LogJam related disabling of two more DH(E) ciphers
@pyllyukko pyllyukko merged commit 7ebbff1 into pyllyukko:master May 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants