Closed Bug 1167373 Opened 10 years ago Closed 10 years ago

Sign addon for Logjam vulnerability

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mt, Assigned: rail)

References

(
URL
)

Details

Attachments

(2 files)

disable-dhe.xpi 10 years ago Martin Thomson [:mt:] 1.35 KB, application/x-xpinstall		Details
disable-dhe-signed.xpi 10 years ago Rail Aliiev [:rail] 5.06 KB, application/octet-stream		Details

Martin Thomson [:mt:]

Reporter

Description

•

10 years ago

Attached file disable-dhe.xpi — Details

This addon disables DHE cipher suites. It's for the logjam attack announced this week (https://weakdh.org). We decided that this might be a good option to offer to our users since we aren't landing a fix until Firefox 39. Disabling DHE is perhaps a little risky for general consumption. Up to 5% of our connections use DHE and we're not sure if there is a good fallback if we disable it. An addon should help users who are concerned about the attack.

Rail Aliiev [:rail]

Assignee

Updated

•

10 years ago

Assignee: nobody → rail

Rail Aliiev [:rail]

Assignee

Comment 1

•

10 years ago

Attached file disable-dhe-signed.xpi — Details

Rail Aliiev [:rail]

Assignee

Comment 2

•

10 years ago

Done.

Status: NEW → RESOLVED

Closed: 10 years ago

Resolution: --- → FIXED

Martin Thomson [:mt:]

Reporter

Comment 3

•

10 years ago

Many thanks. I'll get this into a.m.o as soon as I can.

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Sign addon for Logjam vulnerability

Categories

(Release Engineering :: General, defect)

Tracking

(Not tracked)

People

(Reporter: mt, Assigned: rail)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Updated

Comment 1

Comment 2

Comment 3

Attachment

General

Description

File Name

Content Type