On Tue 2015-06-02 06:45:25 -0400, Ben Caradoc-Davies wrote:
> since upgrade to NSS 3.19.1, icedove refuses to connect to an IMAPS server
> with
> a "Server Temp Key: DH, 768 bits". Workaround is to downgrade to NSS 3.19 or
> change icedove connection to unencrypted IMAP.
>
> To protect against logjam attacks, NSS 3.19.1 refuses to connect to servers
> with a finite field algorithm key strength less than 1023 bits:
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
>
> This behaviour breaks icedove on Debian clients that need to connect to IMAPS
> servers with weak server temp keys. Note that these are clients which have no
> control over configuration of remote servers. Workaround is to downgrade to
> NSS
> 3.19 or change icedove connection to unencrypted IMAP.
This sounds like a feature, not a bug, because it means that users are
now aware that their "secure" imap connections are probably not what
they expect.
Are these IMAP servers in the wild? Could you point me to them?
--dkg
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
