Disabling RC4
It is recommended you disable RC4 in your browser for added security as this cipher (an algorithm to perform encryption/decryption of data) as been compromised, Microsoft even issued a security advisory recommending to do so. BEWARE, this manipulation might break some websites using HTTPS.
1. In Firefox, open a new tab. In the address bar type:
about:configThis will call up Firefox's application settings page in which you can modify all of Firefox advanced, under-the-hood settings.
2. Ignore the warning and press I'll be careful, I promise! You can read more about about:config on Mozilla's official wiki page. In the search bar at the top of the page write RC4 and it will filter all of the keys using RC4. Double-click all of the 6 keys so that their value turns to false as in the image below.
The entries are:
security.ssl3.ecdh_ecdsa_rc4_128_sha
security.ssl3.ecdh_rsa_rc4_128_sha
security.ssl3.ecdhe_ecdsa_rc4_128_sha
security.ssl3.ecdhe_rsa_rc4_128_sha
security.ssl3.rsa_rc4_128_md5
security.ssl3.rsa_rc4_128_sha
3. That's it, you're done!
Enabling TLS 1.2
TLS (Transport Layer Security) provides secure communication channels over the Internet. It's what enables HTTPS. The newest version of the protocol fixes loopholes that can be used by exploits in SSL/TLS 1.0 and 1.1 which make it possible to break encryption on HTTPS connections. Keep in mind this only enables TLS 1.2 but doesn't enforce it, it's up to the website you visit to support it.
1. In about:config, search for security.tls.version.max.
2. Double-click the entry and set it's value to 3.
3. You're done! Read more about TLS in the Firefox Knowledge Base.
No comments :
Post a Comment