Re: Scripts that run insecurely-downloaded code

To: debian-security@lists.debian.org
Subject: Re: Scripts that run insecurely-downloaded code
From: estellnb@elstel.org
Date: Sat, 02 May 2020 19:21:40 +0200
Message-id: <[🔎] fdaf4510f40939879adb2131691b967e@elstel.org>
In-reply-to: <[🔎] ed512d4899610029aa7c8004c66b220b6c5ba5e0.camel@thefnords.org>
References: <[🔎] a5aded84-6cff-8ceb-6b6b-6dd88b66c4dc@zoho.com> <[🔎] 3fc09223-2566-fb68-00ab-65c277d8e86c@elstel.org> <[🔎] 369e1054-8c41-7d96-b7f8-44fcd987b6a5@zoho.com> <[🔎] 7a9e5815-2491-b77d-001f-c5514f17cd4c@gmail.com> <[🔎] 5f9ca12a474dc3c6fff945d6af2eb377@elstel.org> <[🔎] ed512d4899610029aa7c8004c66b220b6c5ba5e0.camel@thefnords.org>

I've seen this before with Firefox.  Basically Firefox has disabled
weaker certificates from
working, where Chrome and IE still accept ones with 128bit encryption,
they do show an error (at
least in Chrome) if you dig into the SSL debug screen.  Firefox just
refuses to view it.

Ah, I have read somewhere on the internet that AES-256 would be lesssecure than AES-128 because the AES algorithm has been designed for128bit.

Reply to:

References:
- Scripts that run insecurely-downloaded code
  - From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
- Re: Scripts that run insecurely-downloaded code
  - From: Elmar Stellnberger <estellnb@elstel.org>
- Re: Scripts that run insecurely-downloaded code
  - From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
- Re: Scripts that run insecurely-downloaded code
  - From: Davide Prina <davide.prina@gmail.com>
- Re: Scripts that run insecurely-downloaded code
  - From: estellnb@elstel.org
- Re: Scripts that run insecurely-downloaded code
  - From: Jason Fergus <leech@thefnords.org>

Prev by Date: Fwd: Re: AW:webhosting mit DANE
Next by Date: Fwd: Re: arbitrary code execution on unformatted usb stick
Previous by thread: Re: Scripts that run insecurely-downloaded code
Next by thread: Re: Scripts that run insecurely-downloaded code
Index(es):
- Date
- Thread