Mailinglist Archive: opensuse-security (4 mails)

Re: [opensuse-security] Weired result of a ssl test page with my 42.3 Leap laptop (Lenovo)
  • From: Chris Ellis <chris@xxxxxxxxxxx>
  • Date: Wed, 2 Aug 2017 23:48:24 +0100
  • Message-id: <CAF0QPmg0_p=zistsJR_d+zDaWcjZMBvmWX8Bw=xhALKA25pAvg@mail.gmail.com>
Hi

I don't think this is something to be overly concerned by, DH1024 is
considered weak but there are no practical attacks that I'm aware of.

On Wed, Aug 2, 2017 at 6:54 PM, <stakanov@xxxxxxxxxx> wrote:
> Given the problems of spyware installed on Lenovo I checked some time ago on
> badssl with a page controlling for superfish etc.
> This is now running on
>
> https://badssl.com/dashboard/
>
> When I run that page, all is OK but one value that comes out faulty. AFAIU my
> system responds (with FF) to a page in a way it shouldn't.
> Exactly with a DH1024. Which reads on the site as:
>
> This site uses an ephemeral Diffie-Hellman key exchange
> over a 1024-bit group.
>
> I looked it up in Google but did find only that this has been a problem in
> the past. Could anybody inform me if this is:
> a) a Leap problem
> b) a FF problem

Looks to be an FF problem, I can replicate on my Tumbleweed and
Android FF installs. There seems to be a bug open:
https://bugzilla.mozilla.org/show_bug.cgi?id=1367617

On Tumbleweed I can't replicate the fail in Chrome.

I suggest you also have a look at:
https://www.ssllabs.com/ssltest/viewMyClient.html

> c) a problem of my laptop (e.g. Intel Management Engine Interface? - it
> shouldn't as it has been deactivated in the BIOS).
>
> Maybe someone could check if this happens on other Leap systems (some time ago
> that was the same with konqueror which was vulnerable to poodle (apparently
> via QT webkit if I did understand well, that should be fixed however)).

Konqueror does not come off well in the badssl site.

> Thank you.


Regards,
Chris