Safe cipher list?

Posted: 2023-11-29, 18:07
by Navigator
I am trying to become better informed about browser security, and I have installed Pale Moon Commander to more easily interact with deeper configuration options. Within that is a panel to enable/disable TLS ciphers. The Commander manual 1.7.0 states "These two tabs allow you to select which encryption methods (ciphers) the browser uses to negotiate a secure connection to websites. It is recommended to leave all of the listed ciphers enabled as disabling them (even if some are deprecated for use) may break secure websites."

Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?

Are there (other) ciphers that should proactively be disabled for best security practice?

Re: Safe cipher list?

Posted: 2023-11-29, 23:29
by moonbat
Just leave them at their defaults. The ones that need to be disabled already are.

Re: Safe cipher list?

Posted: 2023-11-30, 03:06
by jobbautista9
Navigator wrote:
2023-11-29, 18:07
Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?
They were disabled 6 years ago in this commit: https://repo.palemoon.org/MoonchildProd ... f004d4be94
Navigator wrote:
2023-11-29, 18:07
Are there (other) ciphers that should proactively be disabled for best security practice?
I think it would be best if you just leave them as-is unless you're doing some development related to TLS/SSL.