SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers
Niels Bakker
niels=nanog at bakker.net
Fri Jul 17 20:30:27 UTC 2015
* michael.holstein at csuohio.edu (Michael O Holstein) [Fri 17 Jul 2015, 21:14 CEST]:
>>making 99% of the web secure is better than keeping an old 1% working
>A fine idea, unless for $reason your application is among the 1% ..
>nevermind the arrogance of the "I'm sorry Dave" sort of attitude.
Why do you upgrade your management systems asynchronously to your
applications? You bring this on yourself.
>As an example .. we have a vendor who, in the current release (last
>3 months) still requires "weak" ciphers in authentication responses.
>That was mostly okay until another vendor (with more sense) wanted
>to auth the same way but only permitted strong ciphers.
Why do you access mission-critical systems that are provably insecure
from systems that also have internet access?
If it's not mission-critical, then you should explain why you haven't
dumped that vendor yet for shipping insecure software - an insecurity
that is very easy to mitigate by them, should they have chosen to.
-- Niels.
More information about the NANOG
mailing list