maemo.org - Talk - View Single Post - Idea: N900 security update (openssl, browser etc)

t-b	2016-09-14 , 20:41
Posts: 368 \| Thanked: 975 times \| Joined on Aug 2013	#23

This post from Sulu made me curious about the current state of browsers used in Fremantle.
As mentioned by jonwil there is a website to do a certain browser security test.

Originally Posted by jonwil

One thing we definatly need to do if we upgrade NSS or otherwise update the security for the N900 is to make sure it passes this test page
https://www.ssllabs.com/ssltest/viewMyClient.html
and doesn't bring up any red flags on there.

I checked the browsers I sometimes use.

Stock browser - Insecure in Protocol Support, Logjam Vulnerability, Poodle Vulnerability, Cipher Suites (6x), Protocol Details

Surf (easy Debian) - insecure in Cipher Suite (5x), Protocol Details

eww - Emacs (doesn't have javascript enabled) - insecure in Cipher Suite (6 and 3 weak), Protocol Details

Iceweasel (easy Debian) - no security issues

Not sure what the worst offenders are, but at least Iceweasel seems to be okay for secure browsing.
Of course this is based on the assumption that the test provided by ssllabs is a good one.

So use the other browsers at your own risk

I will not stop using Surf or eww but in some cases that I need / want security to be improved I will use Iceweasel.

Quote & Reply |

The Following 9 Users Say Thank You to t-b For This Useful Post:
Fatalist, Halftux, hhbbap, jellyroll, juiceme, pichlo, reinob, Wikiwide, Xagoln