Temporary override for encryption settings?

Postby Trinoc » Mon, 20 Nov 2017, 17:08

Is there an extension available (or any other method) to display which encryption method a page is trying to use, but which has been refused due to Palemoon's security settings?

Even better would be if this also gave the option to enable the encryption scheme temporarily for the page in question.

Some pages using obsolete encryption methods really need to be secure (banks, government departments, etc.) but many seem to have used encryption just for the sake of it and never bothered to update it.

As an example, I tried to access https://www.sunrisesunset.com/default.asp to print out a 2018 calendar, as I have done for many years, and Palemoon 26.5.0 refused to connect to it. Trying with http instead of https didn't work as it immediately tried to redirect to https. Security for a calendar-printing site is pointless but clearly someone thought it was a good idea. I re-enabled all of the encryption methods that were available in 24.7.2 and the page loaded. Then I clicked on the padlock icon and it told me the encryption being used was RC4. However, when I re-disabled RC4 the calendar page still loaded OK, so now I'm not sure which setting it was that allowed the page to be used. It now says it's using 3DES, which does not seem to be listed under Palemoon's advanced settings options.

Obviously it's not a good idea to enable encryption schemes en bloc every time a page won't load, and it's easy to forget which ones should be disabled again afterwards, so an extension automating this process would be useful.
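Added example, not part of the original thread: what a diagnostic tool would have to read to answer the question in the post above. The server's first reply is either a ServerHello naming the cipher suite it picked (RC4, then 3DES in the post) or a fatal alert when nothing the browser offered is acceptable. The function names are hypothetical and the byte strings are constructed samples, not captures from the site mentioned.

```python
import struct

# Cipher suite IDs from the IANA TLS registry; only the suites named in the thread.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}


def parse_first_reply(data: bytes):
    """Return ("server_hello", suite_name) or ("alert", description)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    rec_type, _version, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 2:
        raise ValueError("truncated TLS record body")
    if rec_type == 21:  # alert record: level (1 byte), description (1 byte)
        return "alert", ALERTS.get(body[1], f"alert_{body[1]}")
    if rec_type != 22 or body[0] != 2:  # handshake record carrying ServerHello
        raise ValueError("not a ServerHello or alert")
    # Handshake header (4 bytes), server version (2), random (32), then session id.
    pos = 4 + 2 + 32
    if len(body) < pos + 1:
        raise ValueError("truncated ServerHello")
    pos += 1 + body[pos]  # skip the length-prefixed session id
    if len(body) < pos + 2:
        raise ValueError("truncated ServerHello")
    (suite,) = struct.unpack("!H", body[pos:pos + 2])
    return "server_hello", SUITES.get(suite, f"0x{suite:04X}")


def build_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.0 ServerHello (zero random, empty session id)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed samples: RC4 chosen, 3DES chosen, and a fatal handshake_failure alert.
SAMPLES = [build_server_hello(0x0005), build_server_hello(0x000A),
           b"\x15\x03\x01\x00\x02\x02\x28"]

if __name__ == "__main__":
    print([parse_first_reply(s) for s in SAMPLES])
```

A refused connection shows up as the alert case, which says only that no offered suite was acceptable, not which suite the server wanted.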

Re: Temporary override for encryption settings?

Postby Falna » Mon, 20 Nov 2017, 18:31

Yes, that site has multiple security problems: https://www.ssllabs.com/ssltest/analyze ... sunset.com

I'd suggest opening the site in a less secure browser - IE, Chrome and Vivaldi all ignore the problem - and alert the site so they can fix it.

Re: Temporary override for encryption settings?

Postby Trinoc » Tue, 21 Nov 2017, 15:23

Falna wrote: Yes, that site has multiple security problems: https://www.ssllabs.com/ssltest/analyze ... sunset.com

I'd suggest opening the site in a less secure browser - IE, Chrome and Vivaldi all ignore the problem - and alert the site so they can fix it.

A nice ambition, but I suspect that individuals railing against web sites that use bad practice is about as useful as Canute telling the tide to go back!

In any case, why should I care if someone can see that I'm downloading a calendar? The only justification for this site using https is the general principle that perhaps all sites should use encryption to avoid drawing the attention of snoopers to those sites which genuinely need to be secure. That's a debate for another day.