Mozilla Firefox v. 40 and later, Google, mail.ru, Yandex, Rambler and etc. and ssl v3
In this screen shot shows the settings for SSL v3 browser Firefox v. 40. As you can see it is set to «true», which means using the SSL v3 protocol in the browser. But recently (about six months ago), this protocol was declared as compromised and it was recommended not to use it in applications like cipher RC4. I was carried out a simple experiment, namely, the parameters of «true» were replaced by the option «false», t. E. I have been using this protocol is disabled in the browser Firefox v. 40. And what was my surprise when you try to open the browser's https protocol such well-known sites like Google, mail.ru, Yandex, Rambler and etc. I started to write a browser that can not connect because of the inability to use SSL, word for word: "... does not support the protocol SSL». E. Support any other version of SSL in Firefox does not. Available as options to include other versions of SSL in the browser Firefox v. 40 and now also no later! Previously, the ability to disable SSL v3 protocol present! That such "care" developers "free lunch» Mozilla from the world of Open Source on the safety of users of its browser.
edit: removed your abusive language (& also the section posted in russian, since we can't judge what niceties you have posted there). please refer to the Mozilla Support rules and guidelines! (philipp)
Modified by philipp
All Replies (6)
hello, you are mistaken - ssl 3.0 is disabled in firefox since version 34 (released in november last year): https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
the preferences you were showing have nothing to do with enabling ssl 3.0, they are there to control individual cipher suites (the naming is for historical reasons only). please right click and reset all the security prefs you have customized in about:config. then you can check firefox on sites like https://www.ssllabs.com/ssltest/viewMyClient.html & https://www.howsmyssl.com and see that your assumptions are unfounded.
You: "please right click and reset all the security prefs you have customized in about:config."
===============================
1. Testing spent the set, it says that you're lying! 2. All settings shown me, exhibited by default, and I have not changed! 3. Filter on "ssl" in about:config not find ssl v2. 4. On right click not found option "reset" for reset security prefs.
Screen shot...
enable javascript, because the site is telling you it won't produce a reliable result without it.
And why to use SSL and TLS has become mandatory to use JavaScript? Do you think that the safe use of JavaScript in this case?
javascript isn't a mandatory precursor to use ssl/tls, but apparently it's a necessity for sites that are testing the browser's capabilities