Go URL about:config type "tls"
security.tls.version.max must be changed to 3 (it IMHO makes sence to do so)
if You want higher value and pass the test on that page by using TLS 1.2.
Background: In ESR 24 security.tls.version.max has the default settings like 1.
This is also used by most non Mozilla.org browsers based on that GRE.
Browsers based on ESR 31 will have security.tls.version.max;3 by default.
To pass test for Insecure Cipher Suites You have to deactivate some.
To find which use for example a nightly which supports only:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
But deactivating them is IMHO a bad idea since the older deemed insecure give You a better (some at least) protection because they are governded by the implicit default setting that has the rule to always use the best available.
Edited 1 time(s). Last edit at 10/15/2014 10:40AM by guenter.