[GRLUG] FF 33 & SSL

Mark Farver mfarver at mindbent.org
Tue Nov 4 17:29:56 EST 2014


As far as I know Firefox stopped trusting CAs with certs less than 1024
bits.  I would not expect this to have any effect on self signed certs.

And it is negligent in the extreme to have been creating certs and CAs with
less than 2048bits and/or MD5 hashes for at least the last 5 years.

Yes it will suck but fix it anyway.  If it is worth doing crypto it is
worth doing crypto right.

Mark
On Nov 4, 2014 5:06 PM, "L. V. Lammert" <lvl at omnitec.net> wrote:

> Just found out that FF 33 is now blockig SSL connections with certs less
> than 1024 bits, .. which is a show-stopper for me as I have many systems
> (e.g. Webmin) on local machines and I would prefer to NOT have to diddle
> them to regenerate certs.
>
> Has anyone figured out a way to get FF 33 to connect to 512 bit
> connections?
>
>         Lee
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20141104/fc6ecab8/attachment.html>


More information about the grlug mailing list