Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Firefox is sending disabled list of ciphers too in client hello ( ssl handshake)


under C:\Program Files\Mozilla Firefox\defaults\pref\ this folder , i have created a security-perfs.js file which has got the information about the disabled and enabled list of ciphers and ssl version.

In this file , i have made only one cipher enabled .. rest all the cipher are false. So during the SSL handshake i should see only one cipher being sent in the client hello request ( by firefox )... But i could see a big list of cipher is being sent by the client ( firefox ) in client hello request.

BTW: in about:config .. i could see only one cipher is enabled rest are disabled. so the changes are getting reflected in the firefox using security-perfs.js file.

I am using windows XP.

so can some one help me here.

Thanks + Tanuj

Modified by Tanuj

Additional System Details


  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11

More Information

  • Top 10 Contributor
  • Moderator
10738 solutions 96600 answers

Helpful Reply

Files in that folder are used to initialize a new profile and doesn't have otherwise any effect.

You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.

Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.

pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0); // use this to disable the byte-shift


You can use these functions in mozilla.cfg:

defaultPref();  // set new default value
pref();         // set pref, but allow changes in current session
lockPref();     // lock pref, disallow changes