Quote
KM2005
Am I correct that KM74 isn't running SSL?
www.theregister.co.uk/2014/10/14/google_drops_ssl_30_poodle_vulnerability
What's the KM solution?
You are wrong. TLS 0 means AFAIK SSL3. And K-Meleon has that as security.tls.version.min.
And You originally asked about TLS 1.3.
So I will answer that next.
Quote
Wikipedia
TLS 1.3 (draft)
As of July 2014, TLS 1.3 is a draft and details have not fixed yet.[16][17] It is based on the earlier TLS 1.1 and 1.2 specification. Major differences from TLS 1.2 include:
Reworked handshake to provide 1-RTT mode.
Remove custom DHE groups.
Removed support for compression.
Removed support for static RSA and DH key exchange.
Removed support for non-AEAD ciphers (CBC mode of block ciphers, RC4).
K-Meleon does not develop the GRE or the TLS component.
K-Meleon does support the newest TLS protocol which is 1.2.
And I remember that You originally linked to the thread where how to change to TLS 1.2 was posted.
http://kmeleonbrowser.org/forum/read.php?2,130135,130146#msg-130146
POODLE: To stop the possibility of POODLE attack, AFAIK You need to completely disable SSL 3.0 on the client side and the server side. This will AFAIR by default come soon on the client side with updates of the Firefox GRE 34 in November 2014.
While I personaly think that there is not point on switching off lower fallbacks since You loose all protection on sites that have no TLS - You can manually set security.tls.version.min to 1 (via about:config).
Vulnerabilities on the server side remain.
http://en.wikipedia.org/wiki/Transport_Layer_Security#Survey_of_websites
Using Your brain will maybe help You out. Shorts sessions if You need high security and a profile with high security.tls.version.min for specific sites.
Read in this thread what ciphers Mozilla does still use in nightly GRE 34 for clues what they thinks is safe. And You can try these with the sites You need.
http://kmeleonbrowser.org/forum/read.php?2,130135,130146#msg-130146
With some luck all will work out.
Edited 1 time(s). Last edit at 10/15/2014 06:23PM by guenter.