Showing posts with label firefox. Show all posts
Showing posts with label firefox. Show all posts

2013-12-25

Firefox TLS 1.2 Support

Since release 24, Firefox supports Transport Layer Security (TLS) 1.2. However, in with standard settings Firefox does not yet enable TLS 1.2 but just uses the old Secure Socket Layer (SSL) 3.0 and TLS 1.0 standard. The SSL 3.0 and TLS 1.0 standards are vulnerable to the so called BEAST attacks.

You can change that behaviour by changing the following settings in the about:config page of Firefox:

security.tls.version.min 0
security.tls.version.max 3

The numbers are codes for the different SSL/TLS versions:

0 - SSL 3.0
1 - TLS 1.0
2 - TLS 1.1
3 - TLS 1.2

Even if the older SSL 3.0 and TLS 1.0 standards are vulnerable, it usually is not useful to disable it as a lot of webservers do not yet support the newer TLS 1.1 or TLS 1.2 standards. It would no longer be possible to connect to such sites if security.tls.version.min would be set to 2 or 3.

Posted by at
Labels: , , , , ,

2013-09-18

Global Firefox Settings on Linux

Today, I got an request to enforce various Firefox settings globally for all users on several Linux hosts.

All you have to do is creating two files in your Firefox installation directory (usually /usr/lib/firefox):

File: $FIREFOX_INSTALL_DIR/defaults/pref/000-local-config

// The file must start with a comment line
pref("general.config.filename", "local-config.js");
pref("general.config.obscure_value", 0);

File: $FIREFOX_INSTALL_DIR/local-config.js

// The file must start with a comment line

// Enforce the use of a Web Proxy Autodiscovery file
lockPref("network.proxy.autoconfig_url", "http://wpad.somedomain.com/wpad.dat");
lockPref("network.proxy.type", 2);

// Disable Firefox Save Per Side Download Feature
pref("browser.download.lastDir.savePerSite", false);

// Disable Firefox Displaying History in New Tabs
pref("browser.newtabpage.enabled", false);
pref("browser.newtabpage.url", "about:blank");

Setting set using the lockPref() function cannot be changed by the users (they are greyed out). Everything that has been set using the pref() function is valid unless the user overrides the setting.

This procedure has been tested with Firefox 23.

Posted by at
Labels: , , ,
Subscribe to: Posts (Atom)