Temporary override for encryption settings?
Posted: 2017-11-20, 17:08
Is there an extension available (or any other method) to display which encryption method a page is trying to use, but which has been refused due to Palemoon's security settings.
Even better would be if this also gave the option to enable the encryption scheme temporarily for the page in question.
Some pages using obsolete encryption methods really need to be secure (banks, government departments, etc.) but many seem to have used encryption just for the sake of it and never bothered to update it.
As an example, I tried to access https://www.sunrisesunset.com/default.asp to print out a 2018 calendar, as I have done for many years, and Palemoon 26.5.0 refused to connect to it. Trying with http instead of https didn't work as it immediately tried to redirect to https. Security for a calendar-printing site is pointless but clearly someone thought it was a good idea. I re-enabled all of the encryption methods that were available in 24.7.2 and the page loaded. Then I clicked on the padlock icon and it told me the encryption being used was RC4. However, when i re-disabled RC4 the calendar page still loaded OK, so now I'm not sure which setting it was that allowed the page to be used. It now says it's using 3DES, which does not seem to be listed under Palemoon's advanced settings options.
Obviously it's not a good idea to enable encryption schemes en bloc every time a page won't load, and it's easy to forget which ones should be disabled again afterwards, so an extension automating this process would be useful.
Even better would be if this also gave the option to enable the encryption scheme temporarily for the page in question.
Some pages using obsolete encryption methods really need to be secure (banks, government departments, etc.) but many seem to have used encryption just for the sake of it and never bothered to update it.
As an example, I tried to access https://www.sunrisesunset.com/default.asp to print out a 2018 calendar, as I have done for many years, and Palemoon 26.5.0 refused to connect to it. Trying with http instead of https didn't work as it immediately tried to redirect to https. Security for a calendar-printing site is pointless but clearly someone thought it was a good idea. I re-enabled all of the encryption methods that were available in 24.7.2 and the page loaded. Then I clicked on the padlock icon and it told me the encryption being used was RC4. However, when i re-disabled RC4 the calendar page still loaded OK, so now I'm not sure which setting it was that allowed the page to be used. It now says it's using 3DES, which does not seem to be listed under Palemoon's advanced settings options.
Obviously it's not a good idea to enable encryption schemes en bloc every time a page won't load, and it's easy to forget which ones should be disabled again afterwards, so an extension automating this process would be useful.