Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Why is firefox using the (presumably broken) RC4 128bit SSL encryption as highest priority default encryption?

  • 1 відповідь
  • 6 мають цю проблему
  • 8 переглядів
  • Остання відповідь від cor-el

more options

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product. Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

Усі відповіді (1)

more options

You can disable the 128 bit RC4 ciphers by setting the related security.ssl3.* prefs to false.
If you need to visit a server that only works with an 128 cipher suite then you can enable one or two 128 SSL ciphers.
Note that some servers host CSS files on such servers with older server software.

  • security.ssl3.rsa_rc4_128_md5
  • security.ssl3.rsa_rc4_128_sha