Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

Security

  • 9 Antworten
  • 5 haben dieses Problem
  • 4 Aufrufe
  • Letzte Antwort von bamagator62

more options

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

Ausgewählte Lösung

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Diese Antwort im Kontext lesen 👍 1

Alle Antworten (9)

more options

What kind of security? There is a Security section in the Options/Preferences. There is also a Privacy section. There are more detailed settings in about:config, but it helps to know what you are doing with those. http://kb.mozillazine.org/About:config http://kb.mozillazine.org/About:config_entries

more options

I'm looking for the SSL or TLS what are my security settings? I cannot find that info in the Security Tab.

more options

The SSL/TLS settings were previously under this tab in Options/Preferences, but have been removed from the user interface as is is not safe to disable TLS:

  • Tools > Options > Advanced > Certificates

Why do you want to make changes to such settings or do you only want to inspect them?

You can inspect security.tls.* prefs on the about:config page.

Geändert am von cor-el

more options

No I don't want to change anything I just want to make sure that I'm protected. but I was curious to see what are my current security settings is it SSL 3.0 or TLS 1.0 or has that been changed to something new?

more options

SSL 3 is no longer supported. TLS 1.2 is the default, but TLS 1.1 and TLS 1.0 are still supported.

Security is more about disabling weak ciphers.

RFC 7465 - Prohibiting RC4 Cipher Suites:

Phasing out Certificates with 1024-bit RSA Keys:

Phase 2: Phasing out Certificates with 1024-bit RSA Keys:

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

more options

How can I find if I have TLS 1.2 that's what my question is.

more options

You have TLS 1.2 if the TLS prefs have the default value.

  • security.tls.version.min = 1
  • security.tls.version.max = 3
  • security.tls.version.fallback-limit = 3
  • 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2

You can check the Security tab under the Network log in the Web Console (Firefox/Tools > Web Developer).

more options

Ausgewählte Lösung

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Geändert am von finitarry

more options

Thank you all for your helping me