Once upon a time, Joe Zeff <j...@zeff.us> said: > On 1/5/21 1:10 PM, Chris Adams wrote: > >And really - having to lower system-wide security settings to > >allow connection to one site is a poor design. > > Yes! Poor design by that site, unless it's dumping malware or > otherwise stealing data.
For many reasons, this is wrong. You don't know the security of every device or server I need to connect to (I've had to lower system security policy before to connect to older hardware for example). And since you can't tell me why the site I cited is "bad", I can't even suggest a fix. So the poor design is Firefox and the Fedora crypto policy implementation. Using a scanner, I can see that the site supports TLS 1.2. The first server-preferred cipher is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDH secp256r1), which I think should still be considered secure. -- Chris Adams <li...@cmadams.net> _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
