I have started getting messages that I cannot use some sites in HTTPS mode because the security is not good enough. What is the highest level KM can handle? Are there any options a user can do to increase the security?
I have tried in 75.1, 76RC and 76RC2.
I don't think this user agent related. One site mentioned TLS, but I don't remember the specific message.
Hi JamesD - The highest level encryption (https) for KM76RC is TLS 1.2. TLS 1.3 has not been activated yet AFAIK. And yes, you're quite correct it is not UA-related.
Now I have to ask, because too many people can't quite see the difference, do you understand what TLS and SSL are? Importantly, are you aware that SSL is fatally broken and has been for as much as 10 years?
ecurity replaces S
ayer, and SSL must
To make your KM secure, do these:
security.tls.version.max;3 /this makes KM ready for TLS 1.3 when that is activated
Anything with an asterix is a UserSet, no asterisk means default setting.
Removing the 5 ciphers will force KM to look higher on the shelves, and will prevent insecure sites from loading. Thes ciphers are all broken: you may as well use plain-text
Doing this will get get some sites unloadable, sadly. It was heart-breaking to see so many Microsoft technical sites refused by KM. But eventually M$ grew a brain.
Alas, many Apple support sites are still using broken old (non)security...
There is no point encouraging sloppy server management, so you'll need to grit your teeth, and fire off an emnail to their site management if you have a pressing need to access those pages... They probably won't care
IMHO, KM should be shipped with these settings pre-installed.
Gigabyte H61M-USB3-B3 r2.0, I5-2400 3.10GHz, 4GB RAM; W7HPx64 SP1, Lotus SmartSuite 9.8, K-Meleon 76RC, Pale Moon 26.4.1, IE11, Clyton email 15.0, Foxit Reader 18.104.22.1686, PaintShop Pro 6.02, ZAM Free 2.74, SuRun 22.214.171.124, VoodooShield 3.59b
"Learning is not compulsory. Neither is survival." Dr. W. Edwards Deming.
Edited 2 time(s). Last edit at 12/23/2016 09:38PM by gordon451.