Bug 13760

Summary: Your SSL client is Bad.
Product: Mageia
Reporter: Bjarne Thomsen <bjarne.thomsen>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID
Severity: normal
Priority: Normal
Version: 4
Target Milestone: ---
Hardware: i586
OS: Linux
URL: https://www.howsmyssl.com/
Source RPM: firefox-24.6.0-1.mga4

Description Bjarne Thomsen 2014-07-18 04:51:52 CEST
Description of problem:
Bad Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.

protonmail does not support firefox-24.6

Any hope to have a backport of firefox-30.0?

Comment 1 David Walser 2014-07-18 14:37:05 CEST
Not a packaging problem, first of all.  Second of all, a newer FF won't matter, because it uses NSS for its SSL/TLS stuff, and we already have the newest NSS (and we will have a newer FF when the next stable ESR version comes out).  TLS negotiates the best TLS version and ciphers that both the client and server support, as I understand it, so that site is only telling you that your browser supports some older/weaker ones, which is required sometimes unfortunately.  As time goes by, you'll probably see some of these get dropped.  According to the normal schedule, 31 should be the next stable version, so please be patient.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 2 David Walser 2014-07-18 14:43:45 CEST
Also, about:config lets you control the minimum and maximum TLS versions supported, but it apparently doesn't support newer than 1.0 yet, and it also allows you to disable individual ciphers.

Comment 3 Bjarne Thomsen 2014-07-18 16:15:40 CEST
Maybe it is a bug at protonmail.ch? I have reported the problem to protonmail.