Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Security

  • 9 antwoorden
  • 5 hebben dit probleem
  • 4 weergaven
  • Laatste antwoord van bamagator62

more options

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

Gekozen oplossing

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Dit antwoord in context lezen 👍 1

Alle antwoorden (9)

more options

What kind of security? There is a Security section in the Options/Preferences. There is also a Privacy section. There are more detailed settings in about:config, but it helps to know what you are doing with those. http://kb.mozillazine.org/About:config http://kb.mozillazine.org/About:config_entries

more options

I'm looking for the SSL or TLS what are my security settings? I cannot find that info in the Security Tab.

more options

The SSL/TLS settings were previously under this tab in Options/Preferences, but have been removed from the user interface as is is not safe to disable TLS:

  • Tools > Options > Advanced > Certificates

Why do you want to make changes to such settings or do you only want to inspect them?

You can inspect security.tls.* prefs on the about:config page.

Bewerkt door cor-el op

more options

No I don't want to change anything I just want to make sure that I'm protected. but I was curious to see what are my current security settings is it SSL 3.0 or TLS 1.0 or has that been changed to something new?

more options

SSL 3 is no longer supported. TLS 1.2 is the default, but TLS 1.1 and TLS 1.0 are still supported.

Security is more about disabling weak ciphers.

RFC 7465 - Prohibiting RC4 Cipher Suites:

Phasing out Certificates with 1024-bit RSA Keys:

Phase 2: Phasing out Certificates with 1024-bit RSA Keys:

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

more options

How can I find if I have TLS 1.2 that's what my question is.

more options

You have TLS 1.2 if the TLS prefs have the default value.

  • security.tls.version.min = 1
  • security.tls.version.max = 3
  • security.tls.version.fallback-limit = 3
  • 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2

You can check the Security tab under the Network log in the Web Console (Firefox/Tools > Web Developer).

more options

Gekozen oplossing

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Bewerkt door finitarry op

more options

Thank you all for your helping me