https://entropy.ubuntu.com lacks Perfect Forward Secrecy (PFS) and has certificate chain issues
Bug #1634346 reported by
xtsbdu3reyrbrmroezob
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pollen (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
https:/
https:/
as a PRNG seed entropy, would be wise to enable PFS and HPKP / HSTS, since nation state actors can forge certificates and view historical traffic to steal PRNG entropy seeds in the future
affects: | file (Ubuntu) → pollen (Ubuntu) |
information type: | Private Security → Public Security |
Changed in pollen (Ubuntu): | |
status: | New → Won't Fix |
To post a comment you must log in.
More interesting than e.g. Safari 9 or Chrome 51 negotiating non-FS ciphersuites is how the pollinate script's use of curl(1) connects -- do you have the time and ability to determine what ciphersuite is negotiated in this case?
Thanks