If you're running Firefox 23 or newer, you can now choose to support newer and safer TLS encryption versions. Unfortunately, there are some very broken websites that choke if your browser declares support for these newer versions, so Mozilla has not enabled it by default.
To upgrade your TLS version, go to about:config and search for 'security.tls.max_version' (only Firefox 23 and newer have this setting).
0 = SSL 3.0. This should be your minimum.
1 = TLS 1.0. Firefox <= 22 supports this.
2 = TLS 1.1. Firefox 23 supports this.
3 = TLS 1.2. Firefox 24 will support this.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0
Thanks!
Though, does this really make a significant difference security-wise as long as falling back to old versions (down to SSL 3.0, thank goodness not 2.0 any more) is still supported? You would have to change security.tls.version.min too, but this is then certainly going to break a lot more (see slide 37 of http://blog.ivanristic.com/downloads/Qu ... 0-v1.6.pdf for TLS version support stats from 2010).
/edit:
https://bugzil.la/861266#c15 wrote: Given that 24 is already in Aurora, and even TLS v1.1 is not yet implemented (but in progress), this bug will not be fixed in ESR 24.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
dhouwn wrote: Thanks!
Though, does this really make a significant difference security-wise as long as falling back to old versions (down to SSL 3.0, thank goodness not 2.0 any more) is still supported?
It makes a difference to some attacks, yes. An attacker would have to interfere with your traffic and persuade everyone to downgrade, which is harder than just snooping.
I've also taken to disabling RC4 cipher suites (using the CipherFox extension, but you can do it manually by searching for rc4 in about:config). Unfortunately my bank uses RC4 exclusively :s
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0
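Added example, not part of any post in this thread: a toy Python model of the exchange above, showing that raising only the maximum version helps against passive snooping while an active downgrade is stopped only by raising the minimum. Version numbers use the 0 to 3 values listed in the first post; `negotiate` and `attacker_cap` are hypothetical names, and the one-step-at-a-time fallback is a simplifying assumption, not Firefox's actual code.

```python
NAMES = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}


def negotiate(client_min, client_max, server_versions, attacker_cap=None):
    """Return the version number the connection ends up using, or None.

    The client offers client_max first and, when a handshake fails, retries
    one version lower until it reaches client_min (assumed fallback model).
    attacker_cap models someone on the path who breaks every handshake that
    offers a version above the cap; None means no interference at all.
    """
    for offered in range(client_max, client_min - 1, -1):
        if attacker_cap is not None and offered > attacker_cap:
            continue  # handshake disrupted in transit, client falls back
        # The server answers with the highest version it supports that does
        # not exceed the offer; the client rejects anything below its minimum.
        usable = [v for v in server_versions if client_min <= v <= offered]
        if usable:
            return max(usable)
    return None


def describe(version):
    """Human-readable outcome for a negotiate() result."""
    return NAMES[version] if version is not None else "connection fails"


if __name__ == "__main__":
    modern = {0, 1, 2, 3}   # constructed sample: server supporting everything
    legacy = {0, 1}         # constructed sample: server stuck on TLS 1.0
    cases = [
        ("max=3, no interference", negotiate(0, 3, modern)),
        ("max=3, min=0, forced downgrade", negotiate(0, 3, modern, attacker_cap=0)),
        ("max=3, min=1, forced downgrade", negotiate(1, 3, modern, attacker_cap=0)),
        ("max=3, min=2, legacy server", negotiate(2, 3, legacy)),
    ]
    for label, result in cases:
        print(f"{label:35s} -> {describe(result)}")
```

The last case is the breakage trade-off raised in the second post: a higher minimum refuses the downgrade, but also refuses servers that never got past TLS 1.0.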