Safe cipher list?

Navigator · Unread post by **Navigator** » 2023-11-29, 18:07

I am trying to become better informed about browser security, and I have installed Pale Moon Commander to more easily interact with deeper configuration options. Within that is a panel to enable/disable TLS ciphers. The Commander manual 1.7.0 states "These two tabs allow you to select which encryption methods (ciphers) the browser uses to negotiate a secure connection to websites. It is recommended to leave all of the listed ciphers enabled as disabling them (even if some are deprecated for use) may break secure websites."

Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?

Are there (other) ciphers that should proactively be disabled for best security practice?

Unread post by **moonbat** » 2023-11-29, 23:29

Just leave them at their defaults. The ones that need to be disabled already are.

絵虎 · Unread post by **jobbautista9** » 2023-11-30, 03:06

Navigator wrote: ↑
2023-11-29, 18:07
Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?

They were disabled 6 years ago in this commit: https://repo.palemoon.org/MoonchildProd ... f004d4be94

Navigator wrote: ↑
2023-11-29, 18:07
Are there (other) ciphers that should proactively be disabled for best security practice?

I think it would be best if you just leave them as-is unless you're doing some development related to TLS/SSL.

Pale Moon forum

Safe cipher list?

Safe cipher list?

Re: Safe cipher list?

Re: Safe cipher list?