Pale Moon Sync got tighter security

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Pale Moon Sync got tighter security

Unread post by Moonchild » 2016-08-03, 09:37

With the maintenance window today, Pale Moon Sync has been reconfigured to have tighter security.
RC4 has been removed completely as an option, and DH parameters have been changed to 2048 bits to avoid known weak-key exploits on encryption in transport.

Particularly old and unsupported versions of Pale Moon and/or Android will as a result no longer be able to synchronize data. If this is the case, please upgrade to a supported or current version, or, if this is not an option, please set up your own private Sync server.

Of note: transport security is of course important for Sync, but even if compromised, your data would still be secure because Pale Moon Sync never sends user data to the server in a recoverable way without your private recovery key.

If you run into any issues not covered by this announcement as a result of these changes, then please post on the forum in the appropriate board for Sync.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked