: K-Meleon Forum
You can talk about issues with k-meleon here.
[quote=gordon451] Ummmm... Some background: [quote=Wikipedia "Transport Layer Security"]TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade to SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate."[/quote] TLS 1.1 and 1.2 both defeat the BEAST. You're right. FIPS="Federal Information Processing Standard", and FIPS 140-2 (which is what we're interested in) mandates (as far as I can see) a minimum of TLS 1.1 (SSL 3.2) and preferably TLS 1.2 (SSL 3.3). Looking at the FF and Chrome implementations, enabling FIPS means disabling TLS 1.0, SSL 2 and SSL 3. >Is it of any use to non US government users? Yes. They MUST use it. But we can get the benefit of client-side mandated security. Downside is that FIPS will break most websites that don't have TLS 1.1 or 1.2 -- but we can toggle provided we can get it to work in the first place. Gordon.[/quote]
K-Meleon forum is powered by