[Bug 1197884] Re: apache2.2 SSL has no forward-secrecy: need ECDHE keys
RichardNeill
ubuntu at richardneill.org
Fri Jul 5 17:31:56 UTC 2013
Thanks for your assistance.
Can I ask why you think this is merely a wishlist item?
If I've understood the import of this correctly, then the privacy of
every visitor to every website served by Apache on every version(*) of
Ubuntu is at risk. I don't think that forward-secrecy in SSL is an
optional extra; I think it's a requirement. Also, in my view, server
administrators who deploy https are making an implicit promise to their
site's visitors - and this is a promise which they cannot honour.
(*)even Saucy doesn't have 2.4 packages yet, though 2.4 is in Debian,
Mageia, and Fedora.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1197884
Title:
apache2.2 SSL has no forward-secrecy: need ECDHE keys
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions
More information about the Ubuntu-server-bugs
mailing list