TLS 1.1 and Browser upgrades

Discussion in 'other security issues & news' started by beethoven, Jun 7, 2018.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
    In the guide below, a minimum of TLS 1.2 is recommended:

    https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security
     
  2. Sampei Nihira

    I try to remove the insecure Cipher Suites in Chrome.

    https://www.ssllabs.com/ssltest/viewMyClient.html

    Immagine.jpg

    Can anyone help me find the hexadecimal values for the two entries in the image?
    TH.
    :thumb:;)

    For the other 3 Cipher Suites to be removed, enter:

    --cipher-suite-blacklist=0x002F,0x0035,0x000A
     
    Last edited: Jul 16, 2018
  3. Sampei Nihira

    Et voilà:

    Immagine.jpg

    Chrome Command Line Switches:


    --cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0x009D

    :);)
     
  4. Sampei Nihira

    The website below is not available if you delete the insecure cipher suites:

    https://www.linear.it/
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Incorrect, that website supports TLS 1.2 as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=www.linear.it

    If you cannot access it, there's something wrong on your end.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
  7. Sampei Nihira

    :thumb:;)
     
  8. elapsed

    No offense but this entire topic is about TLS 1.2 and was never about specific ciphers.
    If you look at the results for that website, it only supports weak ciphers for ALL TLS versions.
    Coming to this thread and saying "I disabled 5 ciphers and now I can't access this website on ANY version of TLS" is off topic and entirely his own fault.
    This thread isn't for reporting bad websites...
     
  9. BoerenkoolMetWorst

    No offense taken. The topic is indeed about TLS and not about specific ciphersuites, but Sampei's post was about ciphersuites and did not mention the TLS version, so his post was not incorrect.
    True, I phrased it that way because secure AEAD ciphersuites were introduced with TLS 1.2, so it isn't possible to do secure ciphers with TLS 1.1 and earlier. (Though I just saw that SSL Labs only classifies AES-CBC and CAMELLIA-CBC as "weak" when they aren't combined with Forward Secrecy, though they aren't highlighted in green either.)
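
Added example, not part of any post in this thread: a decoder for the `--cipher-suite-blacklist` values quoted above that maps each ID to its IANA registry name, flags the properties debated in the replies (forward secrecy, CBC versus AEAD), and shows why a server offering only static-RSA suites becomes unreachable. The two ECDHE entries, the server suite lists and the function names are constructed for illustration.

```python
import re

# IANA TLS cipher suite names for the IDs in the two switches above,
# plus two ECDHE suites (not from the thread) for contrast.
IANA = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_blacklist(switch):
    """Return the suite IDs in a --cipher-suite-blacklist=0x....,0x.... value."""
    value = switch.split("=", 1)[-1]
    ids = []
    for item in value.split(","):
        item = item.strip()
        if not re.fullmatch(r"0[xX][0-9a-fA-F]{1,4}", item):
            raise ValueError(f"not a 16-bit hex suite ID: {item!r}")
        ids.append(int(item, 16))
    return ids

def describe(suite_id):
    """Derive the properties discussed in the thread from the IANA name."""
    name = IANA.get(suite_id, "unknown")
    issues = []
    if name.startswith("TLS_RSA_WITH_"):
        issues.append("static RSA key exchange: no forward secrecy")
    if "_CBC_" in name:
        issues.append("CBC mode: not AEAD")
    if "3DES" in name:
        issues.append("3DES: 64-bit block cipher")
    # GCM suites are AEAD and can only be negotiated with TLS 1.2 or later.
    return {"id": f"0x{suite_id:04X}", "name": name,
            "aead": "_GCM_" in name, "issues": issues}

def negotiable(client_offer, blacklist, server_suites):
    """Suites left in common once the client drops the blacklisted IDs."""
    blocked, served = set(blacklist), set(server_suites)
    return [s for s in client_offer if s not in blocked and s in served]

if __name__ == "__main__":
    bl = parse_blacklist("--cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0x009D")
    for sid in bl:
        print(describe(sid))
    # Constructed server that offers only static-RSA suites: nothing is left.
    print(negotiable(list(IANA), bl, [0x002F, 0x0035, 0x009C]))
```

All five blacklisted IDs are static-RSA suites, so the GCM pair is flagged only for missing forward secrecy while the three CBC suites also fail the AEAD check.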
     
  10. Sampei Nihira

    The test website below works with the main browsers but does not work with Pale Moon and Basilisk:

    https://suche.org/sslClientInfo

    Comments from Moonchild:

    https://forum.palemoon.org/viewtopic.php?f=61&t=19895
     
  11. Sampei Nihira

    Hi.
    Has anyone enabled TLS 1.3 Draft28 in chrome?

    https://datatracker.ietf.org/doc/rfc8446/

    chrome://flags

    TLS 1.3

    Enabled-Draft28

    It seems that the default is Draft 23.
     
    Last edited: Aug 20, 2018
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Any idea what the difference is?
     
  13. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    https://tools.ietf.org/html/draft-ietf-tls-tls13-28
     
  14. Sampei Nihira

    Yes.
    TLS 1.3 Draft 28 is the final version.


    https://www.bleepingcomputer.com/news/security/ietf-approves-tls-13-as-internet-standard/

    Even if the test below has many obscure points, it is possible to see before and after:

    Immagine.jpg


    https://suche.org/sslClientInfo

    Does any user know a better test?
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
  16. Sampei Nihira

    New test:

    https://tls13.1d.pw/

    On Windows XP, it is possible to pass the above test only by installing 360 Extreme Browser.
    Probably even Maxthon can pass the test.
     
  17. Sampei Nihira

    Test passed with the new versions released Saturday of the browsers developed by Roytam1.
    :D
     
  18. Sampei Nihira

    I have removed some insecure cipher suites from my browser.

    600.JPG

    Only one website is unreachable; I will write to the webmaster.

    Test:


    https://browserleaks.com/ssl
     
  19. Sampei Nihira

    I currently have only 1 Insecure Cipher in my Edge:

    4.jpg


    Can any forum members who have also eliminated that insecure cipher report if any websites are unreachable?
    TH.:thumb:;):)
     
  20. Sampei Nihira

    Insecure key deleted.
    At the moment there are no problems on the websites I usually visit.
    I'm seeing an incompatibility on some websites with post-quantum keys.
    I repositioned the flags to default.
     