Hi,
mercedes508 wrote (07 Oct 2013 13:46:44 GMT) :
> a recent bug report suggests that Iceweasel should choose a better
> cipher for certificate by default. Details below.
>> When browsing to a website such as https://www.twitter.com and viewing
>> the certificate/connection details,the default certificate suite
>> presented doesn't choose better ciphers by default.
>> It should choose aes-128 or aes-256 with dhe by default.
I tend to agree, *but* I don't think that's an area where it would be
wise to create (and forever maintain) a delta with our upstreams.
Also, there's the fingerprinting problem: a fix to this directly in
Tails could make it better, or worse.
If someone has time to tackle this, then the next steps are:
1. Try reproducing it on current Tails.
2. Try reproducing it with an experimental Tails ISO built on Wheezy:
http://nightly.tails.boum.org/build_Tails_ISO_feature-wheezy/
3. Try reproducing it with the TBB.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc