
This thread was archived. Please ask a new question if you need help.

How can I prioritize one SSL3 cipher over the other, without turning off any?

  • 1 reply
  • 4 have this problem
  • 1 view
  • Last reply by jamacoe


In order to force some websites to use AES 256 rather than AES 128, or to prioritize AES over RC4 or ECDH key exchange over DH, I could edit the appropriate security.ssl3 settings in about:config and just disable the unwanted ciphers. However, some sites only support a certain cipher that I might have disabled. So I can't just turn it off. But if I leave it on, again other sites prefer to use low processor load ciphers, even if they can handle more secure protocols. For example, I might disable all entries with 128 in it, to force sites to use 256-bit ciphers. If I communicate to a site that only supports a 128-bit cipher, I have no encryption at all, unless I turn on whatever it wants, for example AES-128. The problem is that now some other sites that would have used AES256 now revert to AES128. So I want a solution to prioritize all available cipher protocols, i.e. to put them in order to be taken or chosen. If that does not work, I am looking for a way to allow a certain cipher on a per site basis.


All Replies (1)


I think the second part of my question is more relevant. I captured traffic with Wireshark and looked at the client/server cipher negotiation. If my client provides a list with AES 256 (among others) and without RC4 128, this very site https://support.mozilla.org will choose AES 256. But if I include RC4, the connection will be RC4, even though it is somewhere in the middle of the client's suggestions, not on top. This means each site searches in its own preference order for the cipher to be used, no matter how my client app prioritizes them. So now the only question is: Can I exclude and/or include a cipher on a per site basis? - If I was a programmer, that would be a nice add-on, or is there already something like that out there?
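
The selection behaviour described in the reply above, as an added example that is not part of the original thread and is not Firefox or server code: a small Python model of a server that honors its own preference order, together with a hypothetical per-host exception table of the kind the question asks about. The suite lists, the host names and `HOST_EXCEPTIONS` are constructed assumptions.

```python
# Constructed model of TLS cipher-suite selection (not Firefox or server code).
STRICT_OFFER = ["ECDHE-RSA-AES256-SHA", "DHE-RSA-AES256-SHA", "AES256-SHA"]

# Hypothetical per-host exceptions: extra suites offered only to these hosts.
HOST_EXCEPTIONS = {"legacy.example": ["AES128-SHA"]}

# Constructed server preference lists, most preferred first.
RC4_FIRST_SERVER = ["RC4-SHA", "AES256-SHA", "AES128-SHA"]
AES128_ONLY_SERVER = ["AES128-SHA"]


def client_offer(host):
    """Suites offered to `host`: the strict default plus any listed exception."""
    return STRICT_OFFER + HOST_EXCEPTIONS.get(host, [])


def negotiate(offer, server_prefs, honor_server_order=True):
    """Return the selected suite, or None when the lists share no suite.

    honor_server_order=True: the server walks its own list and takes the first
    entry the client offered, so the client's ordering has no effect.
    honor_server_order=False: the client's first mutually supported suite wins.
    """
    ranked, other = (server_prefs, offer) if honor_server_order else (offer, server_prefs)
    allowed = set(other)
    for suite in ranked:
        if suite in allowed:
            return suite
    return None  # no common suite: the handshake fails


def demo():
    # RC4 sits in the middle of the client's list, as in the capture described.
    mixed = ["AES256-SHA", "RC4-SHA", "AES128-SHA"]
    without_rc4 = [s for s in mixed if s != "RC4-SHA"]
    return {
        "rc4_offered": negotiate(mixed, RC4_FIRST_SERVER),
        "rc4_removed": negotiate(without_rc4, RC4_FIRST_SERVER),
        "client_order_honored": negotiate(mixed, RC4_FIRST_SERVER, False),
        "strict_to_128_only_site": negotiate(client_offer("other.example"), AES128_ONLY_SERVER),
        "exception_to_128_only_site": negotiate(client_offer("legacy.example"), AES128_ONLY_SERVER),
    }


if __name__ == "__main__":
    for case, suite in demo().items():
        print(f"{case}: {suite}")
```

With server-order selection the only client-side lever is which suites are offered, which is why the exception table changes the offer per host instead of reordering it.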