![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE Request?: konqueror - https uses all ciphers, even weak ones
From: Marcus Meissner <meissner () suse de>
Date: Thu, 27 Feb 2014 18:30:54 +0100
Hi, I am wondering a bit ... We received this bugreport for the KDE default webbrowser Konqueror: https://bugzilla.novell.com/show_bug.cgi?id=865241 Basically https://www.howsmyssl.com reports that even the weak EXPORT ciphera are in use by konqueror. And yes, it is right... DES40, RC2, DES_CBC (single DES) ... should definitely not be used these days anymore. Do you think use of export ciphers should get CVEs these days? It does not seem intentional, konqueror just uses everything openssl has without explicit filtering by default. I also failed to find a module to configure the ciphers in the KDE configuration module jungle. Ciao, Marcus
Current thread:
- CVE Request?: konqueror - https uses all ciphers, even weak ones Marcus Meissner (Feb 27)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 03)
- Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Jann Horn (Mar 04)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
- Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown (Mar 03)