Safe cipher list?

General project discussion.
Use this as a last resort if your topic does not fit in any of the other boards but it still on-topic.
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.

Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
User avatar
Navigator
Fanatic
Fanatic
Posts: 110
Joined: 2023-02-24, 17:53

Safe cipher list?

Unread post by Navigator » 2023-11-29, 18:07

I am trying to become better informed about browser security, and I have installed Pale Moon Commander to more easily interact with deeper configuration options. Within that is a panel to enable/disable TLS ciphers. The Commander manual 1.7.0 states "These two tabs allow you to select which encryption methods (ciphers) the browser uses to negotiate a secure connection to websites. It is recommended to leave all of the listed ciphers enabled as disabling them (even if some are deprecated for use) may break secure websites."

Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?

Are there (other) ciphers that should proactively be disabled for best security practice?

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4980
Joined: 2015-12-09, 15:45
Contact:

Re: Safe cipher list?

Unread post by moonbat » 2023-11-29, 23:29

Just leave them at their defaults. The ones that need to be disabled already are.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
jobbautista9
Keeps coming back
Keeps coming back
Posts: 784
Joined: 2020-11-03, 06:47
Location: Philippines
Contact:

Re: Safe cipher list?

Unread post by jobbautista9 » 2023-11-30, 03:06

Navigator wrote:
2023-11-29, 18:07
Despite this it seems to default to "DHE-RSA-AES" both 128 and 256 bit being disabled. Were these disabled since the manual was updated for security reasons?
They were disabled 6 years ago in this commit: https://repo.palemoon.org/MoonchildProd ... f004d4be94
Navigator wrote:
2023-11-29, 18:07
Are there (other) ciphers that should proactively be disabled for best security practice?
I think it would be best if you just leave them as-is unless you're doing some development related to TLS/SSL.
Image

merry mimas

XUL add-ons developer. You can find a list of add-ons I manage at http://rw.rs/~job/software.html.

Mima avatar by 絵虎. Pixiv post: https://www.pixiv.net/en/artworks/15431817

Image

Post Reply