Posts Tagged ‘browser’

Please first visit this bug report that I filed:

https://bugs.chromium.org/p/chromium/issues/detail?id=889072#c2

So disabling the cipher suites below in Mozilla Firefox will make certain websites inaccessible, but will make the browsing experience more secure.

It is up to you to decide if you want extra security or not.

If you wish to proceed, visit following website to test the weaknesses in your Mozilla Firefox browser:

https://www.ssllabs.com/ssltest/viewMyClient.html

Then upgrade Mozilla Firefox to the latest version.

In Mozilla Firefox, navigate to   “about:config”

Set security.tls.version.max to 4

Set security.tls.version.min to 3

Set security.ssl3.rsa_aes_128_sha to false

Set security.ssl3.rsa_aes_256_sha to false

Set security.ssl3.rsa_des_ede3_sha to false

Go back to this website to retest weaknesses:

https://www.ssllabs.com/ssltest/viewMyClient.html

After the changes above, only following Protocols and Cipher Suites should be supported by Mozilla Firefox.

HTTPS protocols TLS 1.0 and older are known to be weak and should be disabled as described above.

TLS_RSA_*_CBC_SHA Cipher Suites should not be used anymore, as they are considered weak. But disabling them will make certain websites inaccessible.

Protocols
TLS 1.3 Yes
TLS 1.2 Yes

 

Cipher Suites (in order of preference)
TLS_AES_128_GCM_SHA256 (0x1301)   Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303)   Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256

Further instructions (more extensive) can be found here:

https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security

Advertisements
cd /tmp
rm *.deb
wget --no-check-certificate https://vivaldi.com/download/
wget --no-check-certificate `grep deb index.html |grep amd64|cut -d"\"" -f4`
sudo dpkg -i vivaldi*.deb
sudo apt-get install -f
# first remove old installation of seamonkey web browser
cd /tmp
rm index.html
sudo rm -rf /opt/seamonkey /usr/bin/seamonkey /tmp/seamonk*
# install bleeding edge version of seamonkey web browser
wget --no-check-certificate http://ftp.mozilla.org/pub/mozilla.org/seamonkey/nightly/latest-comm-aurora/
filename=`grep bz2 index.html|grep x86_64|tail -n 1|cut -d"\"" -f8`
wget --no-check-certificate http://ftp.mozilla.org/pub/mozilla.org/seamonkey/nightly/latest-comm-aurora/`echo $filename`
tar -xjvf `echo $filename`
sudo cp -r seamonkey /opt/seamonkey
sudo ln -sf /opt/seamonkey/seamonkey /usr/bin/seamonkey