Quote
Kevin
Was wondering version TSL K-Meleon is using
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Although TLS 1.1 has been available since 2006 and isn't susceptible
to BEAST's chosen plaintext attack, virtually all SSL connections rely
on the vulnerable TLS 1.0, according to a recent research from security
firm Qualys that analyzed the SSL offerings of the top 1 million
internet addresses.

Quote
gordon451
OTOH, there is force_tls-3.0.0-fx.xpi which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how.

      this._mDBConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS ftls "
                                     + "(host string, "
                                     + "birthtime integer, "
                                     + "maxage integer, "
                                     + "includesubdomains string)");

Quote

Means if I knew more I'd simply try to force the highest possible TSL version that a page supports when needed.

I would not bother with the extension's list or any other added option like privacy mode.

Quote
gordon451
I assume KM does support TLS1.2/SSL3.3?

Quote
JamesD

Quote
gordon451
I assume KM does support TLS1.2/SSL3.3?

I wonder if this is dependent on the version of the Gecko engine being used in KM.

Quote
2 persons @ bugzilla
Adam Rak 2011-09-21 10:39:45 PDT

Unfortunately the server support is very poor, but on the bright side, THIS server (which has this bugzilla) does support TLS 1.1. (BUT ssllabs.com does support TLS 1.1/1.2!)

Many cites very poor browser support as the reason why they won't implement TLS/1.1 or 1.2
So that's a good reason to implement it on firefox.

IE market share: 38.9% -> implements it (only latests versions), hopefully working..
Firefox market share: 25.5% -> no implementation
Chrome 20.2% -> no implementation
(according to wikipedia, these percentages might be skewed a bit)

So if there are an implementation for Firefox and Chrome then we can say that significant percentage of the browsers do support it, so its more likely to happen at the server side too. (And implementing in Firefox speeds up the Chrome implementation too.) Someone has to make the first step after all. And you already have some patches so I don't worry too much for browsers. But a little more "noise" to convince people to elevate the priority won't hurt.

Comment 56 dziastinux 2011-09-21 22:32:56 PDT

TLS 1.0 is no longer considered as secure. So this bug MUST marked as major.

Quote
Sid Stammm

The add-on more or less works autonomously in the background, so you shouldn't have to do much to help it work. If you want, you can enable debugging and watch status messages pop up in the Javascript error console. You can also add sites to the ForceTLS database yourself, and force HTTPS requests for sites that may not even know ForceTLS exists.

Quote
crypto.stanford.edu
In September 2009, PayPal published an updated version of the protocol. As of this writing (November 2009), the updated protocol has been adopted by Google Chrome and NoScript, and implementation is underway in Firefox. The Strict-Transport-Security header is in use on a number of high-security web sites, including PayPal. ...


ForceHTTPS comes with preconfigured protection for Gmail, PayPal, American Express, Bank of America, Chase, and Fidelity.

// -- rule.<domain> = true
//    ... sets force TLS on that domain for one year from Firefox launch
pref("extensions.forcetls@sid.stamm.permanant.rule.paypal.com", true);

// -- subd.<domain>: set this to false or omit it to avoid including subdomains
pref("extensions.forcetls@sid.stamm.permanant.subd.paypal.com", true);

Quote
gordon451
@margarita - Ummm... No.
OTOH, there is force_tls-3.0.0-fx.xpi which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how.
Gordon.

Quote

...could we solve this issue disabling all algorithms in KMeleon setting to "false" all ssl3 entries that exist in the registry but the RC4 ones?

Quote
gordon451

Quote

...could we solve this issue disabling all algorithms in KMeleon setting to "false" all ssl3 entries that exist in the registry but the RC4 ones?

Unfortunately, no.
Problem is that while our computers and OSs might support current technology like TLS 1.1 and 1.2, most websites are stuck in last decade, maybe last century. Very few servers can do better than TLS 1.0, which is already compromised. Check out your favourite server on the Qualys SSL Server Test. The results will surprise you. Or maybe just confirm your worst suspicions.
ForceTLS is not a good way of solving the problem. But it is the only way we have -- we must start a campaign as Opera did years ago to "Open the Web (to Opera browsers)", by encouraging people to contact their ISPs and websites they do business with, asking them to please upgrade their security.
At the moment, for many people, ForceTLS is the only way of improving security.
Gordon.

Quote
JamesD
I have a question. Using EDIT > PREFERENCES > PRIVACY & SECURITY > ENCRYPTION > ENCRYPTED TRANSMISSION, I find a list of two protocols. If I remove the check mark by "Enable Secure Sockets Layer..." does that not ensure that my only remaining protocol is TLS?
If I then mark "false" all of the crypto items in configuration except the RC4 items, would I not have TLS 1.0 with non CBC? Is that not the goal?

Quote
margarita
I have read that only the RC4 cipher algorithm is not at risk in this moment. So I think that's the goal. I have enabled both TLS/SSL and then I set to "false" all cipher but those that contain RC4, that I left as they are by default. o.O

Quote
JamesD
I did that but also un-checked SSL. I have used my bank and brokerage sites without any problem.

Quote
JamesD
I have a broken padlock.

Quote
JamesD
If I then mark "false" all of the crypto items in configuration except the RC4 items, would I not have TLS 1.0 with non CBC? Is that not the goal?

Quote
Wikipedia
At http://en.wikipedia.org/wiki/RC4#Security :
However, many applications that use RC4 simply concatenate key and nonce; RC4's weak key schedule then gives rise to a variety of serious problems.

Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack.

Quote
JamesD

Quote
margarita
I have read that only the RC4 cipher algorithm is not at risk in this moment. So I think that's the goal. I have enabled both TLS/SSL and then I set to "false" all cipher but those that contain RC4, that I left as they are by default. o.O

I did that but also un-checked SSL. I have used my bank and brokerage sites without any problem.

Quote
margarita
TLS 1.O is known as SSL3.1.

Quote
JamesD
I thought as long as the lock was closed, I was OK. If the URL bar is red and the lock is broken, that means there is not a good handshake for encryption - right?

Quote
Wikipedie sub voce TLS


All the most recent web browsers support TLS:

* Apple's Safari supports TLS, but it’s not officially specified which version.[33] On operating systems (Safari uses the TLS implementation of the underlying OS) like Mac OS X 10.5.8, Mac OS X 10.6.6, Windows XP, Windows Vista or Windows 7, Safari 5 has been reported to support TLS 1.0.[34]

* Mozilla Firefox, versions 2 and above, support TLS 1.0.[35] As of September 2011[update], Firefox does not support TLS 1.1 or 1.2.[36]

* Microsoft Internet Explorer always uses the TLS implementation of the underlying Microsoft Windows Operating System, a service called SChannel Security Service Provider. Internet Explorer 8 in Windows 7 and Windows Server 2008 R2 supports TLS 1.2. Windows 7 and Windows Server 2008 R2 use the same code (Microsoft Windows Version 6.1 (build 7600)) similar to how Windows Vista SP1 uses the same code as Windows 2008 Server.[37]

* As of Presto 2.2, featured in Opera 10, Opera supports TLS 1.2.[38]

* Google's Chrome browser supports TLS 1.0, but not TLS 1.1 or 1.2.[39]

Quote
German Wikipedia sub voce TLS
Die Weiterentwicklungen TLS 1.1 und 1.2 werden von keinem aktuellen Browser in der Standardkonfiguration unterstützt (kann im Internet Explorer und Opera aktiviert werden), und ist auf Servern so gut wie nirgends verfügbar, da es von der im Unix-Serverbereich als Quasi-Standard eingebundenen OpenSSL-Bibliothek nicht unterstützt wird.