So, I leave only this one

ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4

It is ok? ..

Quote
km2
So, I leave only this one
ecdhe_ecdsa_rc4
ecdhe_rsa_rc4
ecdh_ecdsa_rc4
ecdh_rsa_rc4
It is ok? ..

Yes, it's ok. These are the only algorithms that I have left set to "true" and the https sites work like a charm. I have set alto to "false" the SSL3, as you suggested in former post to enable only the TLS 1.0 connection mode.
o.O

Quote
gordon451
@margarita - Ummm... No.
OTOH, there is force_tls-3.0.0-fx.xpi which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how.
Gordon.

I was very curious with the Force TLS extension, but I prefer the way how HTTPS finder extension works with dual mode "HEAD/GET page https requests" for slow modems compatibility. Very useful choice to get major passive security.

https://addons.mozilla.org/en-US/firefox/addon/https-finder/

This extension, as Force TLS, does not solve the CBC problem, it only gets access to the https:// version page of the webpage requested by the user.
o.O

I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

JamesD,

Much appreciated. I went through them one by one but was more than a little worried about which ones to toggle or not.

We should find a way to double-check to make sure we are doing the right thing. Meanwhile, Mozilla is talking about disabling Java altogether (not that they will actually do it, just want to light a fire under Oracle).

N

Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.

That will be the day when I stop using a Mozilla based browser

Quote
guenter

Quote
ndebord
Meanwhile, Mozilla is talking about disabling Java altogether.

That will be the day when I stop using a Mozilla based browser

guenter,

Even though the powers that be are making it clear that they really only want to support Firefox?

<wry grin>

N

Quote
JamesD
I have put together a faster method of managing the keys and protocols than using configuration and preferences. You can get the macro at: http://dl.dropbox.com/u/1522294/MgrTransCrypt.7z

The menu is under TOOLS - PRIVACY - PERMISSIONS. I arbitrarily split the keys into groups. I claim no special knowledge of the keys for this splitting. The macro changes all keys in a group to ON or OFF. If you individually set keys, then this might not work for you. The check mark in the menu comes from the first key in my arbitrary group. Only the keys set to true by default are included in the macro.

Comments and suggestions are always welcome.

JamesD,

Loaded it up, but don't see it under tools, privacy, permissions? Where should I find it exactly? Tks.

P.S. Scratch that... for whatever reason it did not load up wiht KEIH, but manually placing the macro in the macros subfolder worked, so...

Now about the settings. Am I wrong to disallow everything except TLS and in the TLS only to allow this one:


TLS with RC4


Tks.

N



Edited 1 time(s). Last edit at 09/30/2011 12:14AM by ndebord.

@ ndebord

Sorry, I did not make it an extension.

I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.

Quote
JamesD
@ ndebord

Sorry, I did not make it an extension.

I think protocol TLS and RC4 keys is supposed to be safe. Actually with just the RC4 key, it might be safe to use both protocols. If you don't get a https connection with just one, it only takes three clicks on the menu and you add a protocol or a set of keys. You can then force reload the page and see if you get a good connection.

JamesD,

Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

N

@ margarita,

Cheers!

Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.

By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.

Quote
JamesD

Quote
ndebord
Thanks, right now I'm using just the one... If I read your post correctly, your macro will automatically add additional keys as needed by clicking three times on the menu (shades of Wizard of Oz!!!) <VBG>

Actually I was wrong. The "Manage Encrypted Transmissions" is three menus deep under TOOLS. However you only have to click on TOOLS. Just sliding the mouse will allow you to get to PRIVACY, PERMISSIONS, and MANAGE ENCRYPTED TRANSMISSIONS. So your second click can either enable or disable a protocol or a group of keys. So it is really just two clicks.

By the way, if you have done some changes previously using configuration, then enabling and disabling, or disabling and enabling a group of keys will synchronize all the the keys in the group. This is just in case you had some keys in a group set differently. The check-mark for each group is managed by the first key in that group.

JamesD,

Saw that, as I had done some manual tweaking (sweating all the way). So far, so good with just enabling TLS with RC4... works so won't enable any of the others, unless somebody here says I got it wrong! <g>

N

Quote
km2
@ margarita,
Cheers!

Thank you very much
o.O

...

Thanks a bunch for the macro. What a setback for the security and privacy communities! And most astonishing of all, how many months/years will it take for most if not all servers to be updated? Here we are downgraded to 128 bit encryption, non-Rijndael (sp?). Using Internet is like holding water in a wicker basket. :-)

Quote
jmillar
how many months/years will it take for most if not all servers to be updated?

Using Internet is like holding water in a wicker basket. :-)

1.) Forever?

Unless server resources become much cheaper it will take long.

2.) Well said.



Edited 1 time(s). Last edit at 10/07/2011 09:37PM by guenter.