[HTTPS-Everywhere] security.tls.version level settings in firefox
Maciej Soltysiak
maciej at soltysiak.com
Sat Jan 17 09:09:35 PST 2015
Hi David,
On Sat, Jan 17, 2015 at 5:52 PM, David W. Armstrong <
dwarmstrong at optonline.net> wrote:
> Since from the comments, the intent of the code is to disable a setting of
> 0 for security.tls.version.min, it would seem good to check for the current
> setting and only change it to 1 if it is less than 1. That way the user can
> more easily choose to maintain a higher security setting.
>
As a user and someone who cares for this setting I would agree with you
that the intent to disable ssl3 shouldn't lower the bar for a user who set
it to more. +1 from me.
This actually is something I've been thinking about for some time: how do
you ensure that nothing changes your carefully crafted settings? I mean, I
disable RC4 and DES ciphers.
Best regards,
Maciej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150117/b5a4df46/attachment.html>
More information about the HTTPS-Everywhere
mailing list