Closed
Bug 586643
Opened 14 years ago
Closed 14 years ago
https://www.tescodiets.com/ uses a very weak (256-bit) Diffie-Hellman key for DHE_RSA SSL cipher suites.
Categories
(Tech Evangelism Graveyard :: English Other, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wtc, Assigned: wtc)
Details
https://www.tescodiets.com/ is an English site located in the United Kingdom. The server uses a very weak (256-bit) Diffie-Hellman key for DHE_RSA SSL cipher suites. See bug 583337 comment 25 and bug 583337 comment 30 for the original report of this problem.

To fix this server configuration problem, either
- use a 1024-bit Diffie-Hellman key for the DHE_RSA SSL cipher suites, or
- disable all DHE SSL cipher suites.

The latter may be easier to do.
Comment 1•14 years ago
This is no longer an issue with TescoDiets.com as DHE SSL cipher suites are now disabled on the site.
Comment 2•14 years ago (Assignee)
noel.mulryan: thank you very much for your help. Can you find out what SSL implementation (product and version number) TescoDiets.com uses, and how the 256-bit Diffie-Hellman (DH) parameters were generated? Since all the websites affected by bug 583337 have similar DH parameters (256 bits, with a DH_g of 2), I suspect they all use the same SSL implementation, or generated the DH parameters using the same script. This info will help us track down the source of this problem. Please post the info here or email it to me and Nelson Bolyard (in the cc list).
Assignee: english-other → wtc
Status: NEW → ASSIGNED
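A way to check a server for the condition this bug describes, as an added example that is not part of the bug's comments or of any Mozilla code: it parses the `dh_p`, `dh_g` and `dh_Ys` fields from the body of a DHE ServerKeyExchange message and reports the modulus size and generator. The function names are hypothetical and the sample bytes are constructed, not captured from TescoDiets.com.

```python
import struct

MIN_DH_BITS = 1024  # size requested in the bug description; pass a stricter floor if needed

def parse_server_dh_params(body: bytes):
    """Parse dh_p, dh_g, dh_Ys from the start of a DHE ServerKeyExchange body.
    Each field is a 2-byte big-endian length followed by that many bytes."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return (*values, off)  # off is where the signature over the params begins

def audit_dh_params(body: bytes, min_bits: int = MIN_DH_BITS):
    """Return the modulus size, generator and a list of findings."""
    p, g, ys, _ = parse_server_dh_params(body)
    findings = []
    if p.bit_length() < min_bits:
        findings.append(f"dh_p is {p.bit_length()} bits, below {min_bits}")
    if p % 2 == 0:
        findings.append("dh_p is even, so it is not a usable prime")
    if not 1 < g < p - 1:
        findings.append("dh_g is outside 2..p-2")
    if not 1 < ys < p - 1:
        findings.append("dh_Ys is outside 2..p-2")
    return {"p_bits": p.bit_length(), "g": g, "findings": findings}

def encode_field(value: int) -> bytes:
    """Helper for building test input: length-prefixed big-endian integer."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack("!H", len(raw)) + raw

# Constructed sample, not captured from any server: an odd 256-bit modulus
# (not tested for primality) with generator 2, the shape comment 2 describes.
SAMPLE_P = (1 << 255) | 0x123456789ABCDEF1
SAMPLE = encode_field(SAMPLE_P) + encode_field(2) + encode_field(SAMPLE_P // 3) + b"\x00" * 4

if __name__ == "__main__":
    print(audit_dh_params(SAMPLE))
```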
Comment 3•14 years ago (Assignee)
I received the info by email. Marked the bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•9 years ago
Product: Tech Evangelism → Tech Evangelism Graveyard