30

SSL client is Bad [released]

asked 2014-01-10 21:34:47 +0200

meneer

updated 2014-03-12 10:53:39 +0200

veskuh

The site www.howsmyssl.com reports the current SSL implementation as Bad.

SSL:
version = Improvable (1.2 would be better than current 1.1)
Ephemeral Key Support = Good
Session Ticket Support = Good
TLS Compression = Good
BEAST Vulnerability = Good
Insecure Cipher Suites = Bad ("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher was meant to die with SSL 3.0 and is of unknown safety.")

The score is quite similar to Firefox 26, although the Sailfish OS SSL version is more recent (1.1 for Jolla, 1.0 for Firefox).

It would be advisable to upgrade the Cipher Suite.


The question has been closed for the following reason "released in a software update" by nthn
close date 2017-03-06 12:51:15.020841

Comments

Sounds good.

Sailor (2014-01-10 23:05:58 +0200)

Yes it should - be better ;)

foss4ever (2014-01-11 02:19:05 +0200)
2

The page is only showing the supported cipher suites, but this bad cipher suite does not have to be the default. So yes, the SSL implementation is using an insecure connection, but only if the server is not supporting a better one. So it is not as bad as shown on the start screen of this test.

balta (2014-01-11 07:51:46 +0200)

You can enable TLS 1.2 in the default browser to fix the main issue which makes the current configuration vulnerable, but you'll have to use a user.js file for it since about:config doesn't work in the browser.

vasavr (2014-02-06 01:39:30 +0200)

Added to https://together.jolla.com/questions/4660

prometoys (2014-02-13 00:46:50 +0200)
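
Added example, not part of the original thread and not howsmyssl's code: a simplified Python model of the two findings in the question and of the comment that the flagged suite is only used when the server supports nothing better. The marker list, the rating rules, the sample suite lists and the negotiation rule (first client-preferred suite the server also supports) are assumptions.

```python
# Added example: simplified model of a client-offer audit and suite selection.
# Rating rules, markers and server lists are assumptions for illustration.

INSECURE_MARKERS = ("SSL_RSA_FIPS_", "_NULL_", "_EXPORT_", "_anon_", "_DES_")

def insecure_suites(offered):
    """Return the offered suites whose name matches an insecure marker."""
    return [s for s in offered if any(m in s for m in INSECURE_MARKERS)]

def rate_client(offered, max_tls):
    """Rate the client per check, then overall (worst rating wins)."""
    report = {
        "version": "Good" if max_tls >= (1, 2) else "Improvable",
        "insecure_cipher_suites": "Bad" if insecure_suites(offered) else "Good",
    }
    ratings = set(report.values())
    if "Bad" in ratings:
        report["overall"] = "Bad"
    elif "Improvable" in ratings:
        report["overall"] = "Improvable"
    else:
        report["overall"] = "Good"
    return report

def negotiate(client_offer, server_supported):
    """Pick the first client-preferred suite the server also supports."""
    for suite in client_offer:
        if suite in server_supported:
            return suite
    return None  # no suite in common: the handshake fails

# Constructed sample offer: stronger suites first, the flagged suite last.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
]
MODERN_SERVER = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"}
LEGACY_SERVER = {"SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}  # hypothetical legacy peer

if __name__ == "__main__":
    print(rate_client(CLIENT_OFFER, (1, 1)))       # offer as reported in the question
    print(negotiate(CLIENT_OFFER, MODERN_SERVER))  # better suite is chosen
    print(negotiate(CLIENT_OFFER, LEGACY_SERVER))  # flagged suite is the only match
    fixed = [s for s in CLIENT_OFFER if s not in insecure_suites(CLIENT_OFFER)]
    print(rate_client(fixed, (1, 2)), negotiate(fixed, LEGACY_SERVER))
```

With the flagged suite removed from the offer, a peer that supports only that suite gets a failed handshake instead of a weak connection.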

2 Answers

14

answered 2014-01-11 20:17:02 +0200

tigeli

Yes, it would seem SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is supported (not preferred) and then again TLS1.2 is not supported. I will make a request to get these two fixed.


Comments

Great, thanks for paying attention! :)

meneer (2014-01-13 12:47:05 +0200)

This is now fixed in the latest update (1.0.4.20).

tigeli (2014-03-17 21:17:00 +0200)

yeah, thanks a lot :)

meneer (2014-03-17 21:56:23 +0200)
1

answered 2014-03-14 12:27:02 +0200

cy8aer

I described some browser modifications here.


Stats

Asked: 2014-01-10 21:34:47 +0200

Seen: 848 times

Last updated: Mar 14 '14