General :
K-Meleon Web Browser Forum
General discussion about K-Meleon
Re: TSL 1.2
Posted by:
km2
Date: September 29, 2011 08:59AM
So, I leave only this one
ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4
It is ok? ..
Re: TSL 1.2
Posted by:
margarita
Date: September 29, 2011 10:01AM
Quote
km2
So, I leave only this one
ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4
It is ok? ..
Yes, it's ok. These are the only algorithms that I have left set to "true" and the https sites work like a charm. I have set alto to "false" the SSL3, as you suggested in former post to enable only the TLS 1.0 connection mode.
o.O
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Posted by:
margarita
Date: September 29, 2011 10:21AM
Quote
gordon451
@margarita - Ummm... No.
OTOH, there is
force_tls-3.0.0-fx.xpi which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how.
Gordon.
I was very curious with the Force TLS extension, but I prefer the way how HTTPS finder extension works with dual mode
"HEAD/GET page https requests" for slow modems compatibility. Very useful choice to get major passive security.
https://addons.mozilla.org/en-US/firefox/addon/https-finder/
This extension, as Force TLS,
does not solve the CBC problem, it only gets access to the
https:// version page of the webpage requested by the user.
o.O
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 29, 2011 06:48PM
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at:
http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z
The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.
Comments and suggestions are always welcome.
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 29, 2011 07:19PM
Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at:
http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z
The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.
Comments and suggestions are always welcome.
JamesD,
Much appreciated. I went through them one by one but was more than a little worried about which ones to toggle or not.
We should find a way to double-check to make sure we are doing the right thing. Meanwhile, Mozilla is talking about disabling Java altogether (not that they will actually do it, just want to light a fire under Oracle).
N
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 29, 2011 10:05PM
Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.
That will be the day when I stop using a Mozilla based browser
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 30, 2011 12:00AM
Quote
guenter
Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.
That will be the day when I stop using a Mozilla based browser
guenter,
Even though the powers that be are making it clear that they really only want to support Firefox?
<wry grin>
N
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 30, 2011 12:06AM
Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at:
http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z
The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.
Comments and suggestions are always welcome.
JamesD,
Loaded it up, but don't see it under tools, privacy, permissions? Where should I find it exactly? Tks.
P.S. Scratch that... for whatever reason it did not load up wiht KEIH, but manually placing the macro in the macros subfolder worked, so...
Now about the settings. Am I wrong to disallow everything except TLS and in the TLS only to allow this one:
TLS with RC4
Tks.
N
Edited 1 time(s). Last edit at 09/30/2011 12:14AM by ndebord.
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 30, 2011 02:47AM
@ ndebord
Sorry, I did not make it an extension.
I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.
Re: TSL 1.2 Hackers break SSL encryption used by millions of sites
Date: September 30, 2011 02:53AM
Quote
JamesD
@ ndebord
Sorry, I did not make it an extension.
I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.
JamesD,
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>
N
Re: TSL 1.2
Posted by:
km2
Date: September 30, 2011 10:05AM
@ margarita,
Cheers!
Re: TSL 1.2
Date: September 30, 2011 12:04PM
Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>
Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.
By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.
Re: TSL 1.2
Date: September 30, 2011 02:29PM
Quote
JamesD
Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>
Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.
By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.
JamesD,
Saw that, as I had done some manual tweaking (sweating all the way). So far, so good with just enabling TLS with RC4... works so won't enable any of the others, unless somebody here says I got it wrong! <g>
N
Re: TSL 1.2
Posted by:
margarita
Date: September 30, 2011 02:48PM
Quote
km2
@ margarita,
Cheers!
Thank you very much
o.O
Re: TSL 1.2
Posted by:
km2
Date: September 30, 2011 08:07PM
...
Re: TSL 1.2
Posted by:
jmillar
Date: October 06, 2011 06:04PM
Thanks a bunch for the macro. What a setback for the security and privacy communities! And most astonishing of all, how many months/years will it take for most if not all servers to be updated? Here we are downgraded to 128 bit encryption, non-Rijndael (sp?). Using Internet is like holding water in a wicker basket. :-)
Re: TSL 1.2
Date: October 07, 2011 09:35PM
Quote
jmillar
how many months/years will it take for most if not all servers to be updated?
Using Internet is like holding water in a wicker basket. :-)
1.) Forever?
Unless server resources become much cheaper it will take long.
2.) Well said.
Edited 1 time(s). Last edit at 10/07/2011 09:37PM by guenter.