Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

On Sat, Apr 26, 2014 at 22:19:47 +0200,
  Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:

> I'm not an SSL/TLS guru and I haven't studied the OpenSSL heartbeat bug
> in depth (mainly because I consider Fedora 15+ too problematic and stay on
> F14, with eventual migration to CentOS 6 on my servers, thus they aren't
> affected by this bug), but is it true that when a private key is
> stolen, this _always_ implies that encrypted traffic may be read
> with knowledge of the private key? As far as I know, when e.g. Diffie-Hellman
> key exchange is used, then private key knowledge isn't sufficient either
> to decode network traffic. Of course, the TLS RFCs give us a basic set
> of mandatory ciphersuites which every TLS endpoint should know, and
> there are also those where private key knowledge is sufficient for
> traffic decoding. But when on my side I allow e.g. (contrary to the RFCs)
> only DH ciphersuites, then maybe either I'm not able to establish a
> connection, or my connection is reliable, although the connection is
> tapped by someone who holds my private key. Or am I wrong?

If you have the private key and can redirect network traffic, you can do man-in-the-middle attacks. If forward security isn't being provided, then just being able to see the traffic can allow you to get session keys.

Depending on what you don't like about current Fedoras, you might try out the XFCE or Mate desktops. They provide an experience similar to Gnome 2. If you have an old graphics card, you will want to use kdm or lxdm instead of gdm.
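
The distinction discussed in this thread can be checked on a server: the following is an added example, not part of the original message, that uses Python's standard `ssl` module to list the cipher suites whose key exchange is not ephemeral (EC)DH. The function names and the `SAMPLE` list are constructed for illustration, and the cipher string is one assumed policy.

```python
import ssl

# OpenSSL reports each suite's key exchange in the 'kea' field returned by
# SSLContext.get_ciphers(). Ephemeral DH/ECDH gives forward secrecy; TLS 1.3
# suites report 'kx-any' and always use an ephemeral exchange.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def non_forward_secret(ciphers):
    """Names of suites whose recorded traffic can be decrypted by someone
    who obtains the server private key. Unknown 'kea' values are flagged."""
    return sorted(c["name"] for c in ciphers
                  if c.get("kea") not in FORWARD_SECRET_KEA)


def forward_secret_server_context():
    """Server context whose TLS 1.2 suites are limited to ephemeral (EC)DH."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")  # assumed policy string
    return ctx


# Constructed sample in the shape get_ciphers() returns (other keys omitted).
SAMPLE = [
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "kea": "kx-dhe"},
    {"name": "TLS_AES_128_GCM_SHA256", "kea": "kx-any"},
]

if __name__ == "__main__":
    print("sample, not forward secret:", non_forward_secret(SAMPLE))
    ctx = forward_secret_server_context()
    print("restricted context, not forward secret:",
          non_forward_secret(ctx.get_ciphers()))
```

Restricting the suites this way addresses only the passive case; as the reply says, someone who has the private key and can redirect traffic can still perform a man-in-the-middle attack.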