Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Mozilla サポートの検索

サポート詐欺に注意してください。 私たちはあなたに通話やショートメッセージの送信、個人情報の共有を求めることはありません。疑わしい行為を見つけたら「迷惑行為を報告」からご報告ください。

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Why is firefox using the (presumably broken) RC4 128bit SSL encryption as highest priority default encryption?

  • 1 件の返信
  • 6 人がこの問題に困っています
  • 199 回表示
  • 最後の返信者: cor-el
  • アーカイブに保管済み

anouser0850
anouser0850

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

すべての返信 (1)

cor-el
cor-el
  • Top 25 Contributor
  • Moderator

You can disable the 128 bit RC4 ciphers by setting the related security.ssl3.* prefs to false.
If you need to visit a server that only works with an 128 cipher suite then you can enable one or two 128 SSL ciphers.
Note that some servers host CSS files on such servers with older server software.

  • security.ssl3.rsa_rc4_128_md5
  • security.ssl3.rsa_rc4_128_sha