ciphers #931
Comments
/* xxxx: Disable weak ciphers
All these use SHA1 and CBC which should be considered broken. [1] [2]
128:
NOPFS: https://en.wikipedia.org/wiki/Forward_secrecy
DHE: Diffie-Hellman key exchange w/o Elliptic-curves
[1]: https://en.wikipedia.org/wiki/SHA-1#Attacks
[2]: https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS
***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128;
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128;
// ^^ was 1262: disable 128 bits
// user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128; DHE;
// user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // DHE;
// was 1263: disable DHE (Diffie-Hellman Key Exchange)
// https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
// user_pref("security.ssl3.rsa_aes_128_sha", false); // 128; NOPFS;
// user_pref("security.ssl3.rsa_aes_256_sha", false); // NOPFS;
// was 1264: disable other (which is not a very helpful description)
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// ^^ last two are the new ones
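An added example (not part of the issue or the project's user.js): it parses pref lines like those listed above, derives the legend tags (128, DHE, NOPFS) from each pref name, and reports whether a line is actually in effect, since a commented-out `user_pref` changes nothing. The function names are assumptions, and the last sample line is constructed for illustration.

```javascript
// SAMPLE: four lines taken from the list above, plus one constructed
// active (uncommented) line at the end to show the difference.
const SAMPLE = `
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128;
// user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128; DHE;
// user_pref("security.ssl3.rsa_aes_256_sha", false); // NOFPS;
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
user_pref("security.ssl3.rsa_aes_128_sha", false); // 128; NOPFS;
`;

// Derive the legend tags from the pref name itself (AES-CBC + SHA1 family only).
function classify(pref) {
  const m = /^security\.ssl3\.(ecdhe_ecdsa|ecdhe_rsa|dhe_rsa|rsa)_aes_(128|256)_sha$/.exec(pref);
  if (!m) return null; // not one of the suites this list covers
  const tags = [];
  if (m[2] === "128") tags.push("128");    // 128-bit AES key
  if (m[1] === "dhe_rsa") tags.push("DHE"); // finite-field DH, no elliptic curves
  if (m[1] === "rsa") tags.push("NOPFS");   // RSA key exchange: no forward secrecy
  return tags;
}

// Parse user_pref lines, keeping whether each one is commented out.
function parsePrefs(text) {
  const re = /^\s*(\/\/)?\s*user_pref\("([^"]+)",\s*(true|false)\);\s*(?:\/\/\s*(.*))?$/;
  const out = [];
  for (const line of text.split("\n")) {
    const m = re.exec(line);
    if (!m) continue;
    const noted = (m[4] || "").split(";").map(s => s.trim()).filter(Boolean)
      .map(t => (t === "NOFPS" ? "NOPFS" : t)); // accept both spellings
    out.push({ pref: m[2], active: !m[1], value: m[3] === "true", noted });
  }
  return out;
}

// Compare the hand-written tags with the derived ones and flag effective lines.
function audit(text) {
  const key = a => [...a].sort().join(",");
  return parsePrefs(text).map(p => {
    const derived = classify(p.pref);
    return { ...p, derived,
      consistent: derived !== null && key(derived) === key(p.noted),
      effective: p.active && p.value === false }; // suite really disabled
  });
}

console.log(audit(SAMPLE).map(r => `${r.pref} effective=${r.effective} tags=${r.derived}`).join("\n"));
```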
I like https://ja3er.com/ because it works without JS
^^ shouldn't every
There are other tickets for other ciphers and it will depend on what uses them
Thorin-Oakenpants added a commit that referenced this issue Jun 27, 2020
- adds the new tests including the non-JS JA3
- Stats: the code numbers are from https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsNSSCallbacks.cpp#903
- Telemetry from SSL_CIPHER_SUITE_FULL:
  - go to https://telemetry.mozilla.org/
  - click Measurement Dashboard, etc
expanding on #905
Just things to consider
type
is weak
some notes from @rusty-snake: this is ALL the ciphers