Browser Security Update

Browsers, email, chat, etc.
Post Reply
Message
Author
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

Browser Security Update

#1 Post by 8Geee »

Recently it has been discovered and announced that certain TLS1.2 encryption schemes are vunerable to cracking attempts. In an indirect way, this is related to derivatives of Meltdown/Spectre.

Firefox and derivatives uses two of these schemes, and the Qualys Client-Side Test has affirmed this with a "WEAK" rating (unsuitable for use). Since this is encryption scheme AND there IS hyperthreading of ANY TYPE involved, your browser needs to FALSE these schemes, so they are not selected. Below is the Firefox/derivative pathway, other browsers may be similar.

DISCONNECT FROM THE INTERNET
Oen Firefox and in Firefox address bar type about:config
Click I'll be careful
In the search bar type ssl
scroll down the listing to these two consecutive entries

security.ssl3.ecdhe_ecdsa_aes_128_sha
security.ssl3.ecdhe_ecdsa_aes_256_sha

Double click each one to make FALSE
Close the Browser
Click Menu --> Shutdown --> Restart Graphical Server
Upon the Refresh you may reconnect to internet

Regards
8Geee

Placed here for 'universal access' due to any browser being affected.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Top
User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#2 Post by Smithy »

Thanks for those 8Geee, the two tweaks are making the browser boot faster, I think.
If you get any others that you think could be handy could you post them here?
Top
kuman11
Posts: 248
Joined: Tue 26 Dec 2017, 09:32

#3 Post by kuman11 »

'in error'
Last edited by kuman11 on Mon 29 Jul 2019, 00:41, edited 1 time in total.
Top
User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#4 Post by Mike Walsh »

kuman11 wrote:Mike,
My profile for Seamonkey246 has disappeared or is deleted & I can't start it with the script.
How can I create another one w/o a reboot if possible?
@ kuman11:-

Which 'Mike' are you talking to? Myself? Mikeslr? MikeB? And why are you posting about SeaMonkey profile issues in a totally unrelated thread to do with TLS encryption??

When you post without thinking like this, we can't help you because we don't know who or what you're referring to.....


Mike. :wink:
Top
kuman11
Posts: 248
Joined: Tue 26 Dec 2017, 09:32

#5 Post by kuman11 »

Mike Walsh,

It seems somehow I've posted it in error, it's for the Portable thread.
It's for u.
Top
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

Others to mark false

#6 Post by 8Geee »

Smithy, et al;

One check that can be used with the above "about:config --> ssl" is to look for the following two items in the list;

1.) GCM
2.) POLY_1305

If the choice does not contain 1. or 2. then mark as false.
Tested on FF66.0.5 and FF27.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Top
Post Reply

Return to “Browsers and Internet”