[Tails-dev] SSL cipher suite in the web browser [Was: Bug re…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] SSL cipher suite in the web browser [Was: Bug report: 203014bd6ba2a1ac3a47eddfa8743ac9]
Hi,

mercedes508 wrote (07 Oct 2013 13:46:44 GMT) :
> a recent bug report suggests that Iceweasel should choose a better
> cipher for certificate by default. Details below.


>> When browsing to a website such as https://www.twitter.com and viewing
>> the certificate/connection details,the default certificate suite
>> presented doesn't choose better ciphers by default.
>> It should choose aes-128 or aes-256 with dhe by default.


I tend to agree, *but* I don't think that's an area where it would be
wise to create (and forever maintain) a delta with our upstreams.
Also, there's the fingerprinting problem: a fix to this directly in
Tails could make it better, or worse.

If someone has time to tackle this, then the next steps are:

1. Try reproducing it on current Tails.
2. Try reproducing it with an experimental Tails ISO built on Wheezy:
http://nightly.tails.boum.org/build_Tails_ISO_feature-wheezy/
3. Try reproducing it with the TBB.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc