Re: Fedora crypto policy vs the real world Was: available crypto policies
----- Original Message -----
From: "Nikos Mavrogiannopoulos" <nmav(a)redhat.com>
To: "Hubert Kario" <hkario(a)redhat.com>
Cc: "Tomas Mraz" <tmraz(a)redhat.com>, security(a)lists.fedoraproject.org
Sent: Tuesday, 6 May, 2014 2:31:12 PM
Subject: Re: Fedora crypto policy vs the real world Was: available crypto policies
On Tue, 2014-05-06 at 07:42 -0400, Hubert Kario wrote:
> Sorry, but how does that force a plaintext session?
You try to connect to an https site. It doesn't work and an error
message is issued that no common ciphers were found. The only thing that
you can try as user is fall back to http.
That would require the site to be available over HTTP and HTTPS.
All sites that want HTTPS redirect all request given over HTTP to HTTPS
site, so you can't manually downgrade them.
That means the only users that use the HTTPS version are probably people that
have installed HTTPS everywhere extension - not the average user.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario(a)redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic