I am trying to become better informed about browser security, and I have installed Pale Moon Commander to more easily interact with deeper configuration options. Within that is a panel to enable/disable TLS ciphers. The Commander manual 1.7.0 states "These two tabs allow you to select which encryption methods (ciphers) the browser uses to negotiate a secure connection to websites. It is recommended to leave all of the listed ciphers enabled as disabling them (even if some are deprecated for use) may break secure websites."
Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?
Are there (other) ciphers that should proactively be disabled for best security practice?
Safe cipher list?
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
-
- Knows the dark side
- Posts: 4984
- Joined: 2015-12-09, 15:45
Re: Safe cipher list?
Just leave them at their defaults. The ones that need to be disabled already are.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
-
- Keeps coming back
- Posts: 786
- Joined: 2020-11-03, 06:47
- Location: Philippines
Re: Safe cipher list?
They were disabled 6 years ago in this commit: https://repo.palemoon.org/MoonchildProd ... f004d4be94
I think it would be best if you just leave them as-is unless you're doing some development related to TLS/SSL.
merry mimas
XUL add-ons developer. You can find a list of add-ons I manage at http://rw.rs/~job/software.html.
Mima avatar by 絵虎. Pixiv post: https://www.pixiv.net/en/artworks/15431817