Last active
August 29, 2015 13:56
-
-
Save chanux/9227845 to your computer and use it in GitHub Desktop.
Making Firefox a 'probably okay' SSL client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| My current firefox version is 26 (on Ubuntu). It's said to be a bad SSL client. | |
| Check yours here: https://www.howsmyssl.com | |
| The issues on version 26 are supported SSL version and the cipher suit used. | |
| I managed to fixed this by using following about:config settings | |
| security.tls.version.max = 3 (TLS v1.2) | |
| security.ssl3.rsa_fips_des_edes_sha = false | |
| Apparently, disabling rc4 is a good idea (thx @drac). Read more about that at: http://blog.yjl.im/2013/12/disabling-tlsssl-rc4-in-firefox-and.html | |
| In short search for rc4 in about:config and change 6 entries to false. | |
| Also keep in mind: security is not a game you do a few clicks and win. Just be aware that things change all the time for worse and react accordingly to make sure things are *probably* OK. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment