We have moved to a new Sailfish OS Forum. Please start new discussions there.
32

HowTo: Get your browser more crypt secure

asked 2014-02-25 22:16:05 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2019-04-07 01:51:41 +0200

Leon gravatar image

Test your browser with http://howsmyssl.com

Create a file ~/.mozilla/mozembed/user.js if not created otherwise and insert

user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false);
user_pref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
user_pref("security.ssl3.rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_fips_des_ede3_sha", false);
user_pref("security.tls.version.min", 3);
user_pref("security.tls.version.max", 3);

Test your browser again with https://howsmyssl.com

edit retag flag offensive close delete

Comments

2

Hey, just to be fair: If the web server does only rc4 these settings will fail. But think about using ssl servers which use real time crackable crypto...

cy8aer ( 2014-02-25 22:45:12 +0200 )edit

I wouldnt disable RC4 completely as a lot of sites still rely on it, and if you disable it completely these sites will fail to load.

The only rc4 suite I would disable is "ssl3.rsa_rc4_128_md5" as I dont think there is any site out there relying only on this suite. Usually they at least support the slightly more secure "ssl3.rsa_rc4_128_sha" suite which is left enabled and these sites will still work.

You also recommend disabling SSL3 and this will also cripple support for many sites.

vasavr ( 2014-03-15 13:51:08 +0200 )edit

3 Answers

Sort by » oldest newest most voted
21

answered 2014-02-26 11:00:59 +0200

veskuh gravatar image

Thanks for this how-to. We are working on updating the gecko engine to version 29, which brings TLS 1.2 and clearly improves the rating at the mentioned site.

edit flag offensive delete publish link more

Comments

@jollateam: great effort to hold the gecko engine up to date. Thank you

cy8aer ( 2014-02-26 12:13:16 +0200 )edit
3

What about other TLS/SSL using software such as email, Exchange connector, XMPP, Jolla updates etc.? Are or will their settings be checked to this commercially viable update coming in the beginning of March?

Karri Huhtanen ( 2014-02-26 13:23:58 +0200 )edit
11

answered 2019-04-06 00:04:53 +0200

tux_in_iE gravatar image

Updating for SF3.0...

On 3.0.2.8 (installed after a factory reset) it's "Probably Okay" out of the box. :)

edit flag offensive delete publish link more
10

answered 2016-06-11 14:05:05 +0200

tux_in_iE gravatar image

updated 2017-09-01 21:43:29 +0200

Updating this for SF2.0...

On 2.0.1.11 I went from "Bad" to "Probably OK" with the following user.js :

user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); user_pref("security.ssl3.rsa_rc4_128_md5", false); user_pref("security.ssl3.rsa_rc4_128_sha", false);

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
19 followers

subscribe to rss feed

Stats

Asked: 2014-02-25 22:16:05 +0200

Seen: 2,046 times

Last updated: Apr 07 '19

Related questions

Browser: Support for custom search engines [answered]

How to disable re-opening tabs from the previous session?

Can I import my contacts from N9? [answered]

User wants to see certain part of picture as a Lock Screen background [answered]

We want to create our own TOH [answered]

How user can take backups out of device [released]

What is the best maps/navigation application to use on Jolla? [answered]

How to change Ambiences really fast [answered]

Markdown basics [not relevant]

How to remove all contacts in one go? [answered]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49