Recently it has been discovered and announced that certain TLS1.2 encryption schemes are vunerable to cracking attempts. In an indirect way, this is related to derivatives of Meltdown/Spectre.
Firefox and derivatives uses two of these schemes, and the Qualys Client-Side Test has affirmed this with a "WEAK" rating (unsuitable for use). Since this is encryption scheme AND there IS hyperthreading of ANY TYPE involved, your browser needs to FALSE these schemes, so they are not selected. Below is the Firefox/derivative pathway, other browsers may be similar.
DISCONNECT FROM THE INTERNET
Oen Firefox and in Firefox address bar type about:config
Click I'll be careful
In the search bar type ssl
scroll down the listing to these two consecutive entries
security.ssl3.ecdhe_ecdsa_aes_128_sha
security.ssl3.ecdhe_ecdsa_aes_256_sha
Double click each one to make FALSE
Close the Browser
Click Menu --> Shutdown --> Restart Graphical Server
Upon the Refresh you may reconnect to internet
Regards
8Geee
Placed here for 'universal access' due to any browser being affected.
Browser Security Update
Browser Security Update
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
- Mike Walsh
- Posts: 6351
- Joined: Sat 28 Jun 2014, 12:42
- Location: King's Lynn, UK.
@ kuman11:-kuman11 wrote:Mike,
My profile for Seamonkey246 has disappeared or is deleted & I can't start it with the script.
How can I create another one w/o a reboot if possible?
Which 'Mike' are you talking to? Myself? Mikeslr? MikeB? And why are you posting about SeaMonkey profile issues in a totally unrelated thread to do with TLS encryption??
When you post without thinking like this, we can't help you because we don't know who or what you're referring to.....
Mike.
Others to mark false
Smithy, et al;
One check that can be used with the above "about:config --> ssl" is to look for the following two items in the list;
1.) GCM
2.) POLY_1305
If the choice does not contain 1. or 2. then mark as false.
Tested on FF66.0.5 and FF27.
Regards
8Geee
One check that can be used with the above "about:config --> ssl" is to look for the following two items in the list;
1.) GCM
2.) POLY_1305
If the choice does not contain 1. or 2. then mark as false.
Tested on FF66.0.5 and FF27.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."