
evoxllx

join:2007-06-07
Winter Park, FL
reply to Dude111

Re:  

said by Dude111:

Interesting that IE10 only supports 128bit (Same as IE6) -- What do IE7, 8 and 9 support??

The version of IE is irrelevant since IE relies on SChannel.

AFAIK, Windows XP doesn't support any AES ciphers, so you're effectively stuck with RC4 and 3DES on any version of IE when using Windows XP.

Windows Vista and higher support AES in 128-bit and 256-bit.

The most accurate way to determine which ciphers are supported is to have Wireshark running and look at the ClientHello for each browser when going to an HTTPS site.


therube

join:2004-11-11
Randallstown, MD

2 edits
reply to evoxllx

Re: Check Your Browser's Encryption Preferences

said by evoxllx:

Here's a good video you should take a look at.

Very interesting, thanks.

(not an end-all, but ...)

Q: What's HTTPS and why is that important for NoScript users?

Q: What can NoScript do against HTTPS cookie hijacking?

Best Practices for Sensitive Sites

Rojo

join:2009-04-14
New York, NY
kudos:1
reply to Mele20

said by Mele20:

...I told him that I spent 1/2 hour searching the Chase site for the encrypted logon page that I figured was still there somewhere. I told him I had found it. He said "You found it? Really? We've been looking all day for it. Where is it on the site?"

I am glad to see that Chase got some sense again.

I too hated the fact that the Chase login page was http.

One day years ago after making a login mistake I noticed the error page telling me to try again was https.

Got a brainstorm and bookmarked that page.
Been using it as my encrypted login page ever since.


kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to Mele20

Question remains why isn't TLS 1.2 in Firefox and why isn't that the standard by now for TLS?



therube

join:2004-11-11
Randallstown, MD

> Question remains why isn't TLS 1.2 in Firefox

»Re: Check Your Browser's Encryption Preferences


evoxllx

join:2007-06-07
Winter Park, FL

1 edit
reply to kickass69

said by kickass69:

Question remains why isn't TLS 1.2 in Firefox and why isn't that the standard by now for TLS?

Firefox and Chrome should be getting it soon, since patches for it have been sent up to NSS.

The main reason it hasn't been widely adopted is due to broken network devices and broken servers. Many broken devices and servers freak out and start dropping TCP connections if they see a higher version of TLS than 1.0.

This is exactly the reason why TLS 1.1 and 1.2 are supported by Opera and IE (SChannel), but are disabled by default.

Safari (iOS 5+) added support for TLS 1.2 (enabled by default), and it triggered a lot of problems due to those broken devices and servers.

I think it's time to disregard these broken devices and servers, much like everyone did for the 1/n-1 record splitting BEAST fix, which broke compatibility with a number of buggy servers.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

Why would Fx be getting TLS 1.2 "soon" when it doesn't even have TLS 1.1?



norwegian
Premium
join:2005-02-15
Outback

evoxllx's mention of TLS 1.0 and web pages is quite relevant, since all the uproar over the inherent weaknesses discovered, not many sites will work on anything more than ver 1.0 still.
If the browsers and web pages at large fix this, then I think it a positive jump forward, be that next week or next quarter.


evoxllx

join:2007-06-07
Winter Park, FL

1 edit
reply to Mele20

said by Mele20:

Why would Fx be getting TLS 1.2 "soon" when it doesn't even have TLS 1.1?

Firefox is always slow to enable new crypto features and fixes. They were actually the *last* browser to patch against the BEAST attack, with the exception of Safari, which never patched it at all.

The major security benefit of TLS 1.1, the explicit CBC IVs, was retrofitted to previous versions in the form of 1/n-1 record splitting.

The major point for TLS 1.2 right now is AES-GCM, since that will allow people to get away from both RC4 and CBC mode ciphers.

said by norwegian:

evoxllx's mention of TLS 1.0 and web pages is quite relevant, since all the uproar over the inherent weaknesses discovered, not many sites will work on anything more than ver 1.0 still.
If the browsers and web pages at large fix this, then I think it a positive jump forward, be that next week or next quarter.

TLS 1.1-1.2 support is on the rise for servers; it can be seen on sslpulse.

»www.trustworthyinternet.org/ssl-pulse/

Over 22,000 sites support TLS 1.2 now, many big sites as well.