Bugs
: K-Meleon Forum
You can talk about issues with k-meleon here. But please, for confirmed bugs, use the bug tracker to report and give feedback on bugs.
Goto:
Forum List
•
Message List
•
Search
•
Log In
Your Name:
Subject:
Help information
BBcode help
Smileys help
[quote=gordon451] Ummmm... Some background: [quote=Wikipedia "Transport Layer Security"]TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade to SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate."[/quote] TLS 1.1 and 1.2 both defeat the BEAST. You're right. FIPS="Federal Information Processing Standard", and FIPS 140-2 (which is what we're interested in) mandates (as far as I can see) a minimum of TLS 1.1 (SSL 3.2) and preferably TLS 1.2 (SSL 3.3). Looking at the FF and Chrome implementations, enabling FIPS means disabling TLS 1.0, SSL 2 and SSL 3. >Is it of any use to non US government users? Yes. They MUST use it. But we can get the benefit of client-side mandated security. Downside is that FIPS will break most websites that don't have TLS 1.1 or 1.2 -- but we can toggle provided we can get it to work in the first place. Gordon.[/quote]
[Please Enable JavaScript]
K-Meleon forum is powered by
Phorum
.
Home/News
Screenshots
Download
Documentation
Resources
Get Involved
Forum
Bugs
Development
