Noose around Internet’s TLS system tightens with 2 new decryption attacks

Discussion in 'other security issues & news' started by lotuseclat79, Mar 27, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Noose around Internet’s TLS system tightens with 2 new decryption attacks.

    Consequently, the advice above in the last paragraph appears to recommend toggling from true to false the following settings in Firefox:

    security.ssl3.rsa_rc4_128_sha
    security.ssl3.rsc_rc4_128_md5
    security.ssl3.ecdhe_rsa_rc4_128_sha
    security.ssl3.ecdhe_ccdsa_rc4_128_sha

    You can check the SSL Cipher Suite Details of Your Browser here.

    -- Tom
     
    Last edited: Mar 27, 2015
    lotuseclat79, Mar 27, 2015
    #1
  2. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    Apparently the dev for Pale Moon made a decision to disable RC4 ciphers by default over a year ago (PM 24.1.0)
    Reverted back to using them in v24.1.1 because it broke more web sites than anticipated.
    Now because of attacks on RC4 to break it's encryption RC4 ciphers are now off again in PM 25.3 by default.
     
    Compu KTed, Mar 27, 2015
    #2
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...