[HTTPS-Everywhere] security.tls.version level settings in firefox
Jacob Hoffman-Andrews
jsha at eff.org
Sat Jan 17 10:29:02 PST 2015
Thanks for writing in! We've got a fix for this that's going into
the next 4.0.3 stable release, next week.
On 01/17/2015 09:09 AM, Maciej Soltysiak wrote:
> Hi David,
>
> On Sat, Jan 17, 2015 at 5:52 PM, David W. Armstrong <
> dwarmstrong at optonline.net> wrote:
>
>> Since from the comments, the intent of the code is to disable a setting of
>> 0 for security.tls.version.min, it would seem good to check for the current
>> setting and only change it to 1 if it is less than 1. That way the user can
>> more easily choose to maintain a higher security setting.
>>
> As a user and someone who cares for this setting I would agree with you
> that the intent to disable ssl3 shouldn't lower the bar for a user who set
> it to more. +1 from me.
>
> This actually is something I've been thinking about for some time: how do
> you ensure that nothing changes your carefully crafted settings? I mean, I
> disable RC4 and DES ciphers.
>
> Best regards,
> Maciej
>
>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
More information about the HTTPS-Everywhere
mailing list