Security
How can I find my security settings? All I see in General is "Warn me when sites try to install add-ons", "Block reported attack sites", and "Block reported web forgeries". Where can I find those settings that protect me?
Chosen solution
For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1); //means SSL3 not used
All Replies (9)
What kind of security? There is a Security section in the Options/Preferences. There is also a Privacy section. There are more detailed settings in about:config, but it helps to know what you are doing with those. http://kb.mozillazine.org/About:config http://kb.mozillazine.org/About:config_entries
I'm looking for the SSL or TLS; what are my security settings? I cannot find that info in the Security tab.
The SSL/TLS settings were previously under this tab in Options/Preferences, but have been removed from the user interface as it is not safe to disable TLS:
- Tools > Options > Advanced > Certificates
Why do you want to make changes to such settings or do you only want to inspect them?
You can inspect security.tls.* prefs on the about:config page.
No, I don't want to change anything; I just want to make sure that I'm protected. But I was curious to see what my current security settings are: is it SSL 3.0 or TLS 1.0, or has that been changed to something new?
SSL 3 is no longer supported. TLS 1.2 is the default, but TLS 1.1 and TLS 1.0 are still supported.
Security is more about disabling weak ciphers.
RFC 7465 - Prohibiting RC4 Cipher Suites:
Phasing out Certificates with 1024-bit RSA Keys:
Phase 2: Phasing out Certificates with 1024-bit RSA Keys:
For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Logjam: How Diffie-Hellman Fails in Practice:
How can I find if I have TLS 1.2? That's what my question is.
You have TLS 1.2 if the TLS prefs have the default value.
- security.tls.version.min = 1
- security.tls.version.max = 3
- security.tls.version.fallback-limit = 3
- 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2
You can check the Security tab under the Network log in the Web Console (Firefox/Tools > Web Developer).
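As an added example (not part of the original thread), this Python sketch reads the text of a Firefox profile's prefs.js and reports the TLS version range and the two DHE cipher prefs discussed in the replies above. It assumes that prefs.js stores only values changed from their defaults, that the DHE prefs default to true, and that 0 means SSL 3.0; the function names and the sample input are constructed.

```python
import re

# Defaults and version numbering as stated in the thread.
TLS_DEFAULTS = {"security.tls.version.min": 1, "security.tls.version.max": 3}
VERSION_NAMES = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}  # 0 is an assumption
# Cipher-suite prefs the thread names for Logjam; assumed to default to true.
DHE_PREFS = ("security.ssl3.dhe_rsa_aes_128_sha", "security.ssl3.dhe_rsa_aes_256_sha")

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; trailing comments are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Report the effective TLS range and any settings the thread flags as weak."""
    prefs = parse_prefs(text)
    lo = prefs.get("security.tls.version.min", TLS_DEFAULTS["security.tls.version.min"])
    hi = prefs.get("security.tls.version.max", TLS_DEFAULTS["security.tls.version.max"])
    findings = []
    if lo < 1:
        findings.append("SSL 3.0 is allowed (security.tls.version.min < 1)")
    if hi < 3:
        findings.append("TLS 1.2 is not offered (security.tls.version.max < 3)")
    findings += [f"{p} is enabled (DHE suite involved in Logjam)"
                 for p in DHE_PREFS if prefs.get(p, True)]
    name = lambda v: VERSION_NAMES.get(v, f"unknown ({v})")
    return {"min": name(lo), "max": name(hi), "findings": findings}

# Constructed sample, not taken from a real profile.
SAMPLE = '''user_pref("security.tls.version.min", 1);//means SSL3 not used
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("browser.startup.homepage", "about:home");
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real profile, pass the contents of its prefs.js to `audit()`; a pref that does not appear in the file is treated as being at its default.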
Thank you all for helping me.