General : K-Meleon Forum
General discussion about K-Meleon.
[quote=margarita]
[quote=gordon451]
@margarita - Ummm... No. OTOH, there is [i]force_tls-3.0.0-fx.xpi[/i] which ATM only fits FF, but can be hacked to work with KM. Trouble is, I don't know how. :(

Gordon.
[/quote]

After a couple of days reading some documents about this issue, I don't agree with the Force TLS extension's way of forcing HTTPS connections. This extension does not work to solve this problem, because the real problem here is the non-randomized CBC [b]cipher block chaining mode[/b] of all algorithms but RC4:

[i]Security specialists have suggested using RC4 to remedy the SSL/TLS vulnerability that became known to the wider public last week. Unlike AES, which is used on most servers, the stream encryption algorithm doesn't use the Cipher Block Chaining (CBC) mode. The CBC implementations in all versions up to SSL 3.0/TLS 1.0 are vulnerable to "chosen-plaintext" attacks. /....../ OpenSSL, which tends to be used with Apache web servers, doesn't yet offer TLS 1.1; there, the only effective measure is to switch to GnuTLS or RC4.[/i]

http://www.h-online.com/security/news/item/First-solutions-for-SSL-TLS-vulnerability-1349813.html
http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php

So, if I am right, could we solve this issue by disabling all algorithms in KMeleon, setting to "false" all ssl3 entries that exist in the registry except the RC4 ones? o.O
[/quote]