Summary: | www-client/mozilla-firefox-3 prefers the unproven Camellia cipher with Apache on Gentoo | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Marti Raudsepp <marti> |
Component: | Current packages | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | CC: | leio, mozilla, rbu |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Marti Raudsepp
2008-09-24 20:22:19 UTC
*** Bug 238603 has been marked as a duplicate of this bug. *** Thanks for uttering your concerns with us. However, I'm reassigning your bug to the Mozilla herd. There is no obvious security impact (yet), and we won't be reviewing the protocol ourselves. Limiting ciphers is something that (as you pointed out) is done in a client, so disabling it in Apache would be counter-productive for systems that do not support other ciphers than Camellia. Your concerns are probably better addressed upstream, but I'll let our Mozilla maintainers decide on that. Not a firefox bug(not gentoo's firefox, that is, as he says in any os it occurs the same). why is this assigned to base-system ? it does not manage any web package such as browsers or servers ... uhm? maybe report this upstream, or just remove the cipher from your config? |