It is currently Mon Apr 24, 2017 7:31 am



Welcome
Welcome to antiX-forum.

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. Registration is fast, simple, and absolutely free, so please, join our community today!


Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
 Post subject: New Headaches
PostPosted: Sat Nov 01, 2014 8:13 pm 
Offline
User avatar

Joined: Fri Nov 01, 2013 6:43 pm
Posts: 648
Location: Lafayette, LA, USA
The Free Software Foundation released a couple of reports today on security and software updates.

Security headache https://www.fsf.org/blogs/sysadmin/ssl-poodle-and-you

GCC updates https://gcc.gnu.org/gcc-4.9/changes.html

_________________
Phear the Penguin.
I am not CrAzY. And I have a paper from the doctors to prove it!
MSI S6000 i5-460M 4 Gb ram

A great mind is something to get terribly wasted.
LRU# 563815


Top
 Profile  
 
 Post subject: Re: New Headaches
PostPosted: Sun Nov 02, 2014 4:07 am 
Offline
User avatar

Joined: Tue May 27, 2014 3:25 pm
Posts: 64
Location: Japan
About this, as for the Debian package, OpenSSL finish correspondence.
Firefox and Chromium are near and are coped about the browser. (set by default SSL 3.0 for invalidity)
The interested person can invalidate SSL 3.0 by manual operation.

If it is the always latest and updates package, you do not need to worry about this problem.

_________________
BALLOON a.k.a. Fu-sen. (ふうせん Fu-sen.) from Japan | MX-16
MX Linux Japanese Infomation MX を使おう https://mxlinux.jimdo.com/
MX Linux Forum balloon https://forum.mxlinux.org/memberlist.ph ... le&u=17086


Top
 Profile  
 
 Post subject: Re: New Headaches
PostPosted: Fri Dec 19, 2014 2:29 pm 
Quote:
The interested person can invalidate SSL 3.0 by manual operation.


about:config Name:
Code:
security.ssl3.ecdhe_ecdsa_rc4_128_sha


Default Value:
Code:
true


Modified Value:
Code:
false



about:config Name:
Code:
security.ssl3.ecdhe_rsa_rc4_128_sha


Default Value:
Code:
true


Modified Value:
Code:
false



about:config Name:
Code:
security.ssl3.rsa_rc4_128_md5


Default Value:
Code:
true


Modified Value:
Code:
false



about:config Name:
Code:
security.ssl3.rsa_rc4_128_sha


Default Value:
Code:
true


Modified Value:
Code:
false


Setting the above modified values disables RC4 in Firefox. RC4 is the least secure encryption protocol and even Microsoft recommends to disable it. Until recently, this was not possible without Youtube breaking.


Top
  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
suspicion-preferred