Package: iceweasel Version: 38.3.0esr-1 Hi,
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ indicates that the NSA may have compromised 1024-bit Diffie-Hellman. https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH discusses how browsers can be tested to determine whether they support 1024-bit Diffie-Hellman and, if so, how it can be disabled. Visiting the site referenced in the latter article, https://www.howsmyssl.com/, indicates that iceweasel does support 1024-bit Diffie-Hellman. Should it be disabled by default? -- Matt https://ftbfs.org/~kraai/
