On 10/1/20 11:05 AM, Simo Sorce wrote:
On Thu, 2020-10-01 at 14:01 -0400, Simo Sorce wrote:
On Thu, 2020-10-01 at 19:47 +0200, Miro Hrončok wrote:
On 01. 10. 20 19:20, Simo Sorce wrote:
and the policy affects all software on the system, not just thunderbird ...
Is it possible to workaround the problem in Thunderbird only?
Only if thunderbrind provides a configuration option to set it and then
instructs NSS, afaik.
CCing Bob, in case he knows of other ways.
Adding back context for Bob,
this is about enabling 1024 DH, because some IMAP servers are still
badly configured ...
I initially handled this by turning off DHE ciphers.
goto thunderbird advanced tab, click on the config editior, type dhe in
the search change
security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha
to false.
Now you can connect thunderbird you a faulty configured server, without
loosing the other protections you get with the DEFAULT policy.
Your browser will still fail on those websites (though you can fix that
with the same trick for firefox).
While application can, in theory, override policy, almost no application
do (and thunderbird is no exception).
bob
The q. is if this can be done exclusively for thunderbird instead of
changing the system crypto policy for all TLS applications.
Simo.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
