How can I disable arbitrary SSL/TLS cipher suites in Firefox?
I am looking for an option in Firefox like `--cipher-suite-blacklist` in Chrome.
Modified by Mpak
Chosen solution
What ciphers do you want to disable? You can try here:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste SSL3 and pause while the list is filtered
Note: although they have ssl3 in the preference name, these ciphers are both TLS connections, so if you disable all of them, then you won't be able to make any secure connections.
Read this answer in context 👍 1All Replies (5)
Here is a link for you (hope it helps you out)
Sorry, I did not mention that the question is about Mozilla Firefox browser. Now I have edited the question. So, this link does not help me, because it is about server side.
Modified by Mpak
Chosen Solution
What ciphers do you want to disable? You can try here:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste SSL3 and pause while the list is filtered
Note: although they have ssl3 in the preference name, these ciphers are both TLS connections, so if you disable all of them, then you won't be able to make any secure connections.
By the way, I suggest disabling these (double-click to set false):
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Then if you encounter a server that hasn't been updated to resolve Logjam issues, Firefox will try to force an upgrade rather than simply refusing to connect.
jscher2000 said
Note: although they have ssl3 in the preference name, these ciphers are both TLS connections, so if you disable all of them, then you won't be able to make any secure connections.
Thank you! I thought that security.ssl3.* preferences are related to SSLv3 only, not TLSv1.*. Now I see that modern aes_*_gcm ciphers are in the list too.