In the guide below it's recommended minimum TLS 1.2: https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security
I try to remove the insecure Cipher Suites in Chrome. https://www.ssllabs.com/ssltest/viewMyClient.html Does anyone help me to find the hexadecimal values for the two voices in the image? TH. For the other 3 Cipher Suites to be removed,enter: --cipher-suite-blacklist=0x002F,0x0035,0x000A
Incorrect, that website supports TLS 1.2 as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=www.linear.it If you cannot access it, there's something wrong on your end.
No offense but this entire topic is about TLS 1.2 and was never about specific ciphers. If you look at the results for that website, it only supports weak ciphers for ALL TLS versions. Coming to this thread and saying "I disabled 5 ciphers and now I can't access this website on ANY version of TLS is off topic and entirely his own fault. This thread isn't for reporting bad websites...
No offense taken. The topic is indeed about TLS and not about specific ciphersuites, but Sampei's post was about ciphersuites and did not mention the TLS version, so his post was not incorrect. True, I phrased it that way because secure AEAD ciphersuites were introduced with TLS 1.2, so it isn't possible to do secure ciphers with TLS 1.1 and earlier.(Though I just saw that SSL Labs only classifies AES-CBC and CAMELLIA-CBC as "weak" when they aren't combined with Forward Secrecy, though they aren't highlighted in green either.)
The website of the test below it's works with the main browsers but does not works with Pale Moon and Basilisk: https://suche.org/sslClientInfo Comments from Moonchild: https://forum.palemoon.org/viewtopic.php?f=61&t=19895
Hi. Has anyone enabled TLS 1.3 Draft28 in chrome? https://datatracker.ietf.org/doc/rfc8446/ chrome://flags TLS 1.3 Enabled-Draft28 It seems that the default is Draft 23.
Yes. TLS 1.3 Draft 28 is the final version. https://www.bleepingcomputer.com/news/security/ietf-approves-tls-13-as-internet-standard/ Even if the test below has many obscure points, it is possible to see before and after: https://suche.org/sslClientInfo Does any user know a better test?
for firefox Code: user_pref("security.ssl3.rsa_aes_128_sha", "false"); user_pref("security.ssl3.rsa_aes_256_sha", "false"); user_pref("security.ssl3.rsa_des_ede3_sha", "false"); (switch in about:config or create/insert it into user.js) adopted from here, thank you all https://www.wilderssecurity.com/thr...er-bundled-mitm-backdoor.413225/#post-2808367
New test: https://tls13.1d.pw/ In Windows XP only by installing 360 Extreme Browser it is possible to pass the above test. Probably even Maxthon can pass the test.
I have removed some insecure cipher suites from my browser. Only a website is unreachable, I will write to the webmaster. Test: https://browserleaks.com/ssl
I currently have only 1 Insecure Cipher in my Edge: Can any forum members who have also eliminated that insecure cipher report if any websites are unreachable? TH.
Insecure key deleted. At the moment there are no problems on the websites I usually visit. I'm seeing an incompatibility on some websites with post-quantum keys. I repositioned the flags to default.