From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1A57B138A1F for ; Sat, 19 Apr 2014 16:12:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 19DAAE0B2C; Sat, 19 Apr 2014 16:11:55 +0000 (UTC) Received: from mail-we0-f173.google.com (mail-we0-f173.google.com [74.125.82.173]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DC675E0B19 for ; Sat, 19 Apr 2014 16:11:53 +0000 (UTC) Received: by mail-we0-f173.google.com with SMTP id w61so2446345wes.18 for ; Sat, 19 Apr 2014 09:11:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=0/TSsIj/epjKN0FcS88/4h3cPxznF1ITavdnBSLvnAg=; b=N5tshsryd8u6yDbIhwmSiZaWP0UFAcf4SLSb72lTIX7ofj7ZEtG+VFC1lFzQCdAjDu PBEvJfVgh9Mt0T6B+FTHtxJkoHE+XEF/EKG1qWG22GEKy8SVoSbPB5EZSPquczxKAfxV +kLp9JuKziIR4N6ll9bxGITqfe6pfNplE/Oifmsy/2WKUpY+Ge2D8POUS6E3U2el467p bUfJwoZUVJ1OXtJI0WJD05umStCmHaoQZErKrlpMEI/MUitn68GabQJOxEn4YtoHlI68 V3P0pS6Baum6HHkKDyhMbQQbAaWGhkHY/3z/mJwNEoBr5l+g0IKstCdo3P8+825Bwj+x bA2A== X-Received: by 10.194.184.207 with SMTP id ew15mr12500610wjc.31.1397923912305; Sat, 19 Apr 2014 09:11:52 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPSA id f7sm28118541wjy.24.2014.04.19.09.11.49 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 19 Apr 2014 09:11:50 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: Heartbleed fix - question re: replacing self-signed certs with real ones Date: Sat, 19 Apr 2014 17:11:32 +0100 User-Agent: KMail/1.13.7 (Linux/3.12.13-gentoo; KDE/4.11.5; x86_64; ; ) References: <201404171649.57228.michaelkintzios@gmail.com> <201404190033.35662.michaelkintzios@gmail.com> <5352965E.4020708@gmail.com> In-Reply-To: <5352965E.4020708@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2568439.fDiKOz89HC"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201404191711.33377.michaelkintzios@gmail.com> X-Archives-Salt: 43bc0d44-830a-4ebf-84cd-c17b1b9459bc X-Archives-Hash: 20f88833acaeec4767780c980c63c859 --nextPart2568439.fDiKOz89HC Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Saturday 19 Apr 2014 16:29:34 Dale wrote: > How does one find out what their bank uses? I'd like to check on what > mine uses. I have Seamonkey and Firefox installed here IF it matters. Some banks have reverted to RC4 to protect against TLS v1.0 attacks from th= e=20 BEAST. I don't think that FF shows the algos used for key exchange and encryption = in=20 enough detail. You can see them if you use Chromium and click on the green= =20 padlock. I use openssl s_client, e.g.: openssl s_client -connect www.wellsfargo.com:443 and look for this info: New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA =2D-=20 Regards, Mick --nextPart2568439.fDiKOz89HC Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAABAgAGBQJTUqA1AAoJELAdA+zwE4YeCXgH/i/gWPrQ7/Kw0d3Kx9g2nekW HHykkYEE9AfhK8Gv2xlLUKAz+FNmQ50JXM/h3ginCXHrXCsjW8sRPrqNGZIC1R4g meEJImjlq1IuXwsA/sgGvcK8LYBjsTFHWk6G7uJQJzFBd3V5AFEpHjhqrTa90y7G NKzldphzmNRWY6I5k+XSxFL4qQkMxaE27kymI8hp2VpY1APF0M13/5itwqlXbAOP DJodgxxFADIdEcXRzVwQlaA9zN1rJbBd6jMJXFIJV78y378IB+mD+cPhq8EfoVmm Xh/j87LAjhdqDd0gClcOpqtPFoSsSVa8BqsxhrZBR5HecZVgxpcqJvOKpRzZW5Q= =CPOy -----END PGP SIGNATURE----- --nextPart2568439.fDiKOz89HC--