topic title: New Headaches
Posts: 667
jdmeaux1952
Joined: 01 Nov 2013
#1
The Free Software Foundation released a couple of reports today on security and software updates.

Security headache
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://www.fsf.org/blogs/sysadmin/ssl-poodle-and-you"
linktext was:"https://www.fsf.org/blogs/sysadmin/ssl-poodle-and-you"
====================================


GCC updates
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://gcc.gnu.org/gcc-4.9/changes.html"
linktext was:"https://gcc.gnu.org/gcc-4.9/changes.html"
====================================
Posts: 65
balloon
Joined: 27 May 2014
#2
About this, as for the Debian package, OpenSSL finish correspondence.
Firefox and Chromium are near and are coped about the browser. (set by default SSL 3.0 for invalidity)
The interested person can invalidate SSL 3.0 by manual operation.

If it is the always latest and updates package, you do not need to worry about this problem.
Alanarchy
Posts 0
Alanarchy
#3
The interested person can invalidate SSL 3.0 by manual operation.
about:config Name:

Code: Select all

security.ssl3.ecdhe_ecdsa_rc4_128_sha
Default Value:

Code: Select all

true
Modified Value:

Code: Select all

false

about:config Name:

Code: Select all

security.ssl3.ecdhe_rsa_rc4_128_sha
Default Value:

Code: Select all

true
Modified Value:

Code: Select all

false

about:config Name:

Code: Select all

security.ssl3.rsa_rc4_128_md5
Default Value:

Code: Select all

true
Modified Value:

Code: Select all

false

about:config Name:

Code: Select all

security.ssl3.rsa_rc4_128_sha
Default Value:

Code: Select all

true
Modified Value:

Code: Select all

false
Setting the above modified values disables RC4 in Firefox. RC4 is the least secure encryption protocol and even Microsoft recommends to disable it. Until recently, this was not possible without Youtube breaking.