💾 Archived View for frosch03.de › 2014-01-08-SecureYourFirefox.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Have a look at howsmyssl.com(1). If your client isn't "Probably Okay" open: about:config(2) and set the following:
(1): https://www.howsmyssl.com/
First of all, i got this link(3) via twitter (@andreasdotorg(4)). So i clicked it and was a bit shocked. My browser, firefox 26, used only TLS 1.0 and also it used broken SSL ciphers, in particular RC4.
(3): https://www.howsmyssl.com/
(4): https://twitter.com/andreasdotorg
A quick web research revealed, that the Mozilla developers implemented TLS 1.2 within the NSS(5) library with version 3.15.1, in the middle of 2013. Maybe i didn't have that version installed. A quick look into my linux told me, that i have installed nss in version 3.15.3. So what is the matter with my firefox?
(5): https://developer.mozilla.org/en-US/docs/NSS
After more research i learned, that i have everything needed for TLS 1.2 but it's not activated within firefox 26 by default. (Can anyone explain to me, why this is?)
Anyhow, it is possible to activate TLS 1.2 in firefox 26 pretty easy. Just switch to the configuration (about:config(6)) and navigate to: security.tls.version.max. Set the Value to 3.
After that, deactivate the following ssl ciphers (by setting them to false):
After that, restart your browser and navigate again to howsmyssl.com(7). You should now be "Probably Okay" ;-)