: K-Meleon Forum
General discussion about K-Meleon.
[quote=margarita] [quote=gordon451] [quote]...could we solve this issue disabling all algorithms in KMeleon setting to "false" all ssl3 entries that exist in the registry but the RC4 ones?[/quote] Unfortunately, no. Problem is that while our computers and OSs might support current technology like TLS 1.1 and 1.2, most websites are stuck in last decade, maybe last century. Very few servers can do better than TLS 1.0, which is already compromised. Check out your favourite server [url=https://www.ssllabs.com/ssldb/index.html]on the Qualys SSL Server Test[/url]. The results will surprise you. Or maybe just confirm your worst suspicions. ForceTLS is not a good way of solving the problem. But it is the only way we have -- we must start a campaign as Opera did years ago to "Open the Web (to Opera browsers)", by encouraging people to contact their ISPs and websites they do business with, asking them to please upgrade their security. At the moment, for many people, ForceTLS is the only way of improving security. Gordon.[/quote] If all the cipher algorithms of Kmeleon are disabled but RC4, the server only can stablish a connection with us using the RC4 protocol. ForceTLS is unable to randomize or modify CBC strings of AES, Camellia and triple-DES, so it's unexpected to solve this problem. The RC4 algorithm is the only one that is not at risk at this moment. o.O[/quote]
K-Meleon forum is powered by