Is there an extension available (or any other method) to display which encryption method a page is trying to use, but which has been refused due to Palemoon's security settings.
Even better would be if this also gave the option to enable the encryption scheme temporarily for the page in question.
Some pages using obsolete encryption methods really need to be secure (banks, government departments, etc.) but many seem to have used encryption just for the sake of it and never bothered to update it.
As an example, I tried to access https://www.sunrisesunset.com/default.asp to print out a 2018 calendar, as I have done for many years, and Palemoon 26.5.0 refused to connect to it. Trying with http instead of https didn't work as it immediately tried to redirect to https. Security for a calendar-printing site is pointless but clearly someone thought it was a good idea. I re-enabled all of the encryption methods that were available in 24.7.2 and the page loaded. Then I clicked on the padlock icon and it told me the encryption being used was RC4. However, when i re-disabled RC4 the calendar page still loaded OK, so now I'm not sure which setting it was that allowed the page to be used. It now says it's using 3DES, which does not seem to be listed under Palemoon's advanced settings options.
Obviously it's not a good idea to enable encryption schemes en bloc every time a page won't load, and it's easy to forget which ones should be disabled again afterwards, so an extension automating this process would be useful.
Temporary override for encryption settings?
Moderators: FranklinDM, Lootyhoof
Re: Temporary override for encryption settings?
Yes, that site has multiple security problems: https://www.ssllabs.com/ssltest/analyze ... sunset.com
I'd suggest opening the site in a less secure browser - IE, Chrome and Vivaldi all ignore the problem - and alert the site so they can fix it.
I'd suggest opening the site in a less secure browser - IE, Chrome and Vivaldi all ignore the problem - and alert the site so they can fix it.
Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything
Hint: If you expect a reply to your PM, allow replies...
Re: Temporary override for encryption settings?
A nice ambition, but I suspect that individuals railing against web sites that use bad practice is about as useful as Canute telling the tide to go back!Falna wrote:Yes, that site has multiple security problems: https://www.ssllabs.com/ssltest/analyze ... sunset.com
I'd suggest opening the site in a less secure browser - IE, Chrome and Vivaldi all ignore the problem - and alert the site so they can fix it.
In any case, why should I care if someone can see that I'm downloading a calendar? The only justification for this site using https is the general principle that perhaps all sites should use encryption to avoid drawing the attention of snoopers to those sites which genuinely need to be secure. That's a debate for another day.