Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Why is firefox using the (presumably broken) RC4 128bit SSL encryption as highest priority default encryption?

  • 1 件の返信
  • 6 人がこの問題に困っています
  • 8 回表示
  • 最後の返信者: cor-el

more options

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

すべての返信 (1)

more options

You can disable the 128 bit RC4 ciphers by setting the related security.ssl3.* prefs to false.
If you need to visit a server that only works with an 128 cipher suite then you can enable one or two 128 SSL ciphers.
Note that some servers host CSS files on such servers with older server software.

  • security.ssl3.rsa_rc4_128_md5
  • security.ssl3.rsa_rc4_128_sha