חיפוש בתמיכה

יש להימנע מהונאות תמיכה. לעולם לא נבקש ממך להתקשר או לשלוח הודעת טקסט למספר טלפון או לשתף מידע אישי. נא לדווח על כל פעילות חשודה באמצעות באפשרות ״דיווח על שימוש לרעה״.

מידע נוסף

Security

  • 9 תגובות
  • 5 have this problem
  • 4 views
  • תגובה אחרונה מאת bamagator62

more options

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

פתרון נבחר

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Read this answer in context 👍 1

כל התגובות (9)

more options

What kind of security? There is a Security section in the Options/Preferences. There is also a Privacy section. There are more detailed settings in about:config, but it helps to know what you are doing with those. http://kb.mozillazine.org/About:config http://kb.mozillazine.org/About:config_entries

more options

I'm looking for the SSL or TLS what are my security settings? I cannot find that info in the Security Tab.

more options

The SSL/TLS settings were previously under this tab in Options/Preferences, but have been removed from the user interface as is is not safe to disable TLS:

  • Tools > Options > Advanced > Certificates

Why do you want to make changes to such settings or do you only want to inspect them?

You can inspect security.tls.* prefs on the about:config page.

השתנתה ב־ על־ידי cor-el

more options

No I don't want to change anything I just want to make sure that I'm protected. but I was curious to see what are my current security settings is it SSL 3.0 or TLS 1.0 or has that been changed to something new?

more options

SSL 3 is no longer supported. TLS 1.2 is the default, but TLS 1.1 and TLS 1.0 are still supported.

Security is more about disabling weak ciphers.

RFC 7465 - Prohibiting RC4 Cipher Suites:

Phasing out Certificates with 1024-bit RSA Keys:

Phase 2: Phasing out Certificates with 1024-bit RSA Keys:

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

more options

How can I find if I have TLS 1.2 that's what my question is.

more options

You have TLS 1.2 if the TLS prefs have the default value.

  • security.tls.version.min = 1
  • security.tls.version.max = 3
  • security.tls.version.fallback-limit = 3
  • 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2

You can check the Security tab under the Network log in the Web Console (Firefox/Tools > Web Developer).

more options

פתרון נבחר

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

השתנתה ב־ על־ידי finitarry

more options

Thank you all for your helping me