Atavic
commented
5 years ago Both ghacks user.js and pyllyukko have: user_pref("security.tls.version.max", 4);
Open Techguyprivate opened 5 years ago
Atavic
commented
5 years ago Both ghacks user.js and pyllyukko have: user_pref("security.tls.version.max", 4);
Techguyprivate
commented
5 years ago I think that Security.tls.version.minimum should be set to 3 to disable TLs 1.0 &1.1 . Setting security.tls.version.max", 4 enables TLS 1.3 .
Atavic
commented
5 years ago ghacks user.js has user_pref("security.tls.version.min", 3); commented out (inactive).
Pyllyukko sets user_pref("security.tls.version.min", 1);
Atavic
commented
5 years ago A few sites still use old TLS versions.
Techguyprivate
commented
5 years ago Librefox aims to be secure & private. So it should be disable. Chrome disabled it already.
intika
commented
5 years ago Thanks for reporting that i will change it in the upcoming update ;)
androidacy-user
commented
5 years ago I think minimum should be 1.2. Some sites haven't implemented 1.3 yet. TLS 1.0/1 were upgraded for a reason
Sent from my TETRA using FastHub
I think that it will be good for privacy and security to disable tls 1.0 & 1.1 completely . They are old & vulnerable. They are dangerous, false security.
Setting tls.version.minimum to 3 in about:config does that. But better will be completely removing the entire code. Chrome wants to do it before next year, i.e before 2020. Same for firefox.
Chromiun based browser have already done it.
Example of just a page.
https://webservices.ignou.ac.in/Pre-Question/ The above link or related websites are acessed by millions in India. A open university's websites. I can intercept their enrollment no., date of birth easily which are required to put for exam results, grade card to see. Shit.