Last Comment Bug 583914 - https://portal-plumprod.cgc.enbridge.com uses a very weak (256-bit) Diffie-Hellman key for DHE_RSA SSL cipher suites.
: https://portal-plumprod.cgc.enbridge.com uses a very weak (256-bit) Diffie-He...
Status: RESOLVED FIXED
:
Product: Tech Evangelism Graveyard
Classification: Graveyard
Component: English Other (show other bugs)
: unspecified
: All All
: -- normal
: ---
Assigned To: english-other
:
Mentors:
https://portal-plumprod.cgc.enbridge.com
Depends on:
Blocks: 583337 584138
  Show dependency treegraph
 
Reported: 2010-08-02 16:54 PDT by Wan-Teh Chang
Modified: 2015-04-19 23:39 PDT (History)
10 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Wan-Teh Chang 2010-08-02 16:54:56 PDT
https://portal-plumprod.cgc.enbridge.com is an English site
located in Ontario, Canada.

The server uses a very weak (256-bit) Diffie-Hellman key for
DHE_RSA SSL cipher suites.  See 583337 comment 6 for the
original report of this problem.

To fix this server configuration problem, either
- use a 1024-bit Diffie-Hellman key for the DHE_RSA SSL cipher
  suites, or
- disable all DHE SSL cipher suites.

The latter may be easier to do.
Comment 1 Boris Zbarsky [:bz] (Out June 25-July 6) 2010-08-03 11:19:51 PDT
So... we seem to have no sane way to set blocking flags on TE bugs.  Mike, Christian, do we need to move this to Core or something?
Comment 2 Mike Beltzner [:beltzner, not reading bugmail] 2010-08-03 11:33:07 PDT
Multi-state blocking flags require us to (ugh, christ) patch bugzilla to apply to other products. Easiest thing to do is: file a new bug in Firefox::General, set that to blocking, set it to depend on this one, grimace.
Comment 3 Wan-Teh Chang 2010-10-29 09:47:17 PDT
https://portal-plumprod.cgc.enbridge.com has disabled all 
DHE SSL cipher suites.  Marked the bug fixed.

Note You need to log in before you can comment on or make changes to this bug.