K-Meleon Forum
General discussion about K-Meleon.
[quote=margarita]
[quote=gordon451]
@margarita - Ummm... No. OTOH, there is [i]force_tls-3.0.0-fx.xpi[/i] which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how. :(

Gordon.
[/quote]

After a couple of days reading some documents about this issue, I don't agree with the Force TLS extension's way of forcing HTTPS connections. This extension does not solve this problem, because the real problem here is the non-randomized CBC [b]cipher block chaining mode[/b] of all algorithms but RC4:

[i]Security specialists have suggested using RC4 to remedy the SSL/TLS vulnerability that became known to the wider public last week. Unlike AES, which is used on most servers, the stream encryption algorithm doesn't use the Cipher Block Chaining (CBC) mode. The CBC implementations in all versions up to SSL 3.0/TLS 1.0 are vulnerable to "chosen-plaintext" attacks. /....../ OpenSSL, which tends to be used with Apache web servers, doesn't yet offer TLS 1.1; there, the only effective measure is to switch to GnuTLS or RC4.[/i]

http://www.h-online.com/security/news/item/First-solutions-for-SSL-TLS-vulnerability-1349813.html
http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php

So, if I am right, could we solve this issue by disabling all algorithms in K-Meleon, setting to "false" all ssl3 entries that exist in the registry but the RC4 ones? o.O
[/quote]