Fedora crypto policy vs the real world Was: available crypto policies
Hubert Kario
hkario at redhat.com
Tue May 6 13:32:30 UTC 2014
----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <nmav at redhat.com>
> To: "Hubert Kario" <hkario at redhat.com>
> Cc: "Tomas Mraz" <tmraz at redhat.com>, security at lists.fedoraproject.org
> Sent: Tuesday, 6 May, 2014 2:31:12 PM
> Subject: Re: Fedora crypto policy vs the real world Was: available crypto policies
>
> On Tue, 2014-05-06 at 07:42 -0400, Hubert Kario wrote:
>
> > Sorry, but how does that force a plaintext session?
>
> You try to connect to an https site. It doesn't work and an error
> message is issued that no common ciphers were found. The only thing that
> you can try as user is fall back to http.
That would require the site to be available over HTTP and HTTPS.
All sites that want HTTPS redirect all request given over HTTP to HTTPS
site, so you can't manually downgrade them.
That means the only users that use the HTTPS version are probably people that
have installed HTTPS everywhere extension - not the average user.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
More information about the security
mailing list