search

martinthomson / disable-dhe

Disable DHE cipher suites in Firefox
10 stars 6 forks source link

Which Firefox ESR version are safe? #2

Closed davidhedlund closed 9 years ago

davidhedlund commented 9 years ago

"Firefox 39 will include changes that will increase the minimum strength of keys to 1024 bits." - https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/

The page didn't mention which Firefox ESR version that are safe from logjam attacks. Which one is it?

martinthomson commented 9 years ago

The next ESR 38 will contain the fix.

davidhedlund commented 9 years ago

@martinthomson 38.0.2?

martinthomson commented 9 years ago

Yes, I believe that 38.0.2 releases on June 29.

davidhedlund commented 9 years ago

@martinthomson Thanks.

Also, "Firefox 39 will include changes that will increase the minimum strength of keys to 1024 bits." - https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/ Which Firefox 39.x.x will contain this fix?

martinthomson commented 9 years ago

All versions of 39 (unless you are downloading old versions of Developer Edition or early Beta version) have the fix.

davidhedlund commented 9 years ago

@martinthomson So starting 39.0, right? Just to make this formal.

martinthomson commented 9 years ago

Correct

davidhedlund commented 9 years ago

@martinthomson Excellent. Thanks for your support. I recommended the GNU IceCat maintainer to base next version of IceCat on Firefox ESR 38.0.2 instead of 38.0.

davidhedlund commented 9 years ago

@martinthomson Can you please update https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/ with: "Firefox 39.0 and Firefox ESR 38.0.2 will include changes that will increase the minimum strength of keys to 1024 bits."?

martinthomson commented 9 years ago

Done.

davidhedlund commented 9 years ago

@martinthomson Thank you once again.