On Tue, 09 Jun 2015 13:33:31 +0200 lcf <l...@vp.pl> wrote:
> Source: pure-ftpd
> Version: 1.0.36-3.2
> Severity: normal
>
> Dear Maintainer,
>
> I was performing verification of pure-ftpd cipher suites configuration
> and discovered it was using DHE with a very low dhparam value of
> 1024.
>
> It's a security issue that needs to be addressed, but it seems that
> switching to ECDHE (with secp521r1) or using DHE with dhparam 4096 is
> possible since pure-ftpd 1.0.38, where options to configure forward
> secrecy cipher suites were added (TLS_DEFAULT_ECDH_CURVE,
> TLS_DHPARAMS_FILE).
>
> My proposal is to either update pure-ftpd to 1.0.38, or backport these
> specific features to 1.0.36, so setting secure cipher suites would
> be possible.
>
OK, I'll check this out.

Regards
Racke

--
Perl and Dancer Development
Visit our Perl::Dancer conference 2015.