Hi, On Fri, Mar 27, 2015 at 12:53:05PM +0100, Hubert Kario wrote: > On Thursday 26 March 2015 11:19:28 Michael Felt wrote: > > Experience: I have some hardware, on an internal network - that only > > supports 40-bit ssl. I am forced to continue to use FF v17 because that was > > the last browser to provide SSL40-bit support. My security is weakened > > because I cannot update that browser, and I continue to lose plugins > > because they do not support FF17 anymore. All other browsers stopped > > support earlier as well. > > Please put the device behind a stunnel and don't put yourself at risk. I don't think Michael is accessing that device over the Internet - but even *in house* some devices force you to jump through such hoops. Like, old HP ILO that you can't get updates for, that insist on using SSL, but then fail to interoperate with recent browsers. So what are you going to do? "Throw away a perfectly working and secure machine, because its out of band interface is crap" or "keep around an old and insecure browser"? Same thing with needing sshv1 to access old network gear where even sshv1 was an achievement. "Throw away gear that does its job perfectly well, but has no sshv2 for *management*" or "keep around an ssh v1 capable client"? I, for one, need to explain why I buy new gear, and "because the out of band / management access only does sshv1" is not a good reason for my management ("then just use telnet, no?")... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx fax: +49-89-35655025 gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev