Weired result of a ssl test page with my 42.3 Leap laptop (Lenovo)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Weired result of a ssl test page with my 42.3 Leap laptop (Lenovo)

stakanov
Given the problems of spyware installed on Lenovo I checked time ago on badssl with a page controlling for superfish etc.
This is now running on

https://badssl.com/dashboard/

When I run that page, all is OK but one value that comes out faulty. AFAIU my system responds (with FF) to a page in a way it shouldn't.
Exactly with a DH1024. Which reads on the site as:

This site uses an ephemeral Diffie-Hellman key exchange
over a 1024-bit group.

I looked it up in Google but did find only that this has been a problem in the past. Could anybody inform me if this is:
a) a Leap problem
b) a FF problem
c) a problem of my laptop (e.g. Intel Management Engine Interface? - it shouldn't as it has been deactivated in the BIOS).

Maybe someone could check if this happens on other Leap systems (time ago that was the same with konqueror which was vulnerable to poodle (apparently via QT webkit if I did understand well, that should be fixed however).

Thank you.


Mit freenet Mail sicher kommunizieren!
[https://email.freenet.de/emig/index.html?utm_medium=Text&utm_source=Footersatz&utm_campaign=Footersatz_Sicherheit170207&epid=e9900000699&utm_content=Text]
Wir garantieren Ihnen verschl├╝sselte Daten├╝bertragung &
Datenspeicherung auf deutschen Servern - E-Mail made in Germany!

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Weired result of a ssl test page with my 42.3 Leap laptop (Lenovo)

Chris Ellis
Hi

I don't think this is something to be overly concerned by, DH1024 is
considered weak but there are no practical attacks that I'm aware off.

On Wed, Aug 2, 2017 at 6:54 PM,  <[hidden email]> wrote:

> Given the problems of spyware installed on Lenovo I checked time ago on badssl with a page controlling for superfish etc.
> This is now running on
>
> https://badssl.com/dashboard/
>
> When I run that page, all is OK but one value that comes out faulty. AFAIU my system responds (with FF) to a page in a way it shouldn't.
> Exactly with a DH1024. Which reads on the site as:
>
> This site uses an ephemeral Diffie-Hellman key exchange
> over a 1024-bit group.
>
> I looked it up in Google but did find only that this has been a problem in the past. Could anybody inform me if this is:
> a) a Leap problem
> b) a FF problem

Looks to be an FF problem, I can replicate on my Tumbleweed and
Android FF installs.  There seems to be a bug open:
https://bugzilla.mozilla.org/show_bug.cgi?id=1367617

On Tumbleweed I can't replicate the fail in Chrome

I suggest you also have a look at:
https://www.ssllabs.com/ssltest/viewMyClient.html

> c) a problem of my laptop (e.g. Intel Management Engine Interface? - it shouldn't as it has been deactivated in the BIOS).
>
> Maybe someone could check if this happens on other Leap systems (time ago that was the same with konqueror which was vulnerable to poodle (apparently via QT webkit if I did understand well, that should be fixed however).

Konqueror does not come off well in the badssl site.

>
> Thank you.
>

Regards,
Chris
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Loading...