Noose around Internet’s TLS system tightens with 2 new decryption attacks

Discussion in 'other security issues & news' started by lotuseclat79, Mar 27, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Noose around Internet’s TLS system tightens with 2 new decryption attacks.

    Consequently, the advice above in the last paragraph appears to recommend toggling from true to false the following settings in Firefox:

    security.ssl3.rsa_rc4_128_sha
    security.ssl3.rsc_rc4_128_md5
    security.ssl3.ecdhe_rsa_rc4_128_sha
    security.ssl3.ecdhe_ccdsa_rc4_128_sha

    You can check the SSL Cipher Suite Details of Your Browser here.

    -- Tom
     
    Last edited: Mar 27, 2015
  2. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    Apparently the dev for Pale Moon made a decision to disable RC4 ciphers by default over a year ago (PM 24.1.0)
    Reverted back to using them in v24.1.1 because it broke more web sites than anticipated.
    Now because of attacks on RC4 to break it's encryption RC4 ciphers are now off again in PM 25.3 by default.
     
Loading...