Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

Security

  • 9 respostas
  • 5 têm este problema
  • 4 visualizações
  • Última resposta de bamagator62

more options

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

How can I find my security settings, all I see in General is Warn me when sites try to install add ons, Block reported attack sites,Block reported web forgeries.Where can I find those settings that protect me?

Solução escolhida

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Ler esta resposta 👍 1

Todas as respostas (9)

more options

What kind of security? There is a Security section in the Options/Preferences. There is also a Privacy section. There are more detailed settings in about:config, but it helps to know what you are doing with those. http://kb.mozillazine.org/About:config http://kb.mozillazine.org/About:config_entries

more options

I'm looking for the SSL or TLS what are my security settings? I cannot find that info in the Security Tab.

more options

The SSL/TLS settings were previously under this tab in Options/Preferences, but have been removed from the user interface as is is not safe to disable TLS:

  • Tools > Options > Advanced > Certificates

Why do you want to make changes to such settings or do you only want to inspect them?

You can inspect security.tls.* prefs on the about:config page.

Alterado por cor-el em

more options

No I don't want to change anything I just want to make sure that I'm protected. but I was curious to see what are my current security settings is it SSL 3.0 or TLS 1.0 or has that been changed to something new?

more options

SSL 3 is no longer supported. TLS 1.2 is the default, but TLS 1.1 and TLS 1.0 are still supported.

Security is more about disabling weak ciphers.

RFC 7465 - Prohibiting RC4 Cipher Suites:

Phasing out Certificates with 1024-bit RSA Keys:

Phase 2: Phasing out Certificates with 1024-bit RSA Keys:

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

more options

How can I find if I have TLS 1.2 that's what my question is.

more options

You have TLS 1.2 if the TLS prefs have the default value.

  • security.tls.version.min = 1
  • security.tls.version.max = 3
  • security.tls.version.fallback-limit = 3
  • 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2

You can check the Security tab under the Network log in the Web Console (Firefox/Tools > Web Developer).

more options

Solução escolhida

For the logjam attack you can toggle these prefs to false on the about:config page to disable the involved cipher suites. security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha

Why would you need to bother blocking those if you disable SSL3? user_pref("security.tls.version.min", 1);//means SSL3 not used

Alterado por finitarry em

more options

Thank you all for your helping me