Security in Firefox 2

This article discusses changes that affect security in Firefox 2.

Weak ciphers disabled by default

Firefox 2 disables SSLv2 and the weak "export" cipher suites (those with key lengths less than 64 bits) by default, in favor of SSLv3. This provides improved security.

The preferred encryption methods are TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA. Some servers refer to these as SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_3DES_EDE_CBC_SHA.

If SSLv2 support must be enabled, you can do so by setting the appropriate security.ssl2.* user preferences to true.

New features

  • Firefox 2 supports Elliptic Curve Cryptography in TLS. Support is presently limited to curves of 256, 384, and 521 (yes, 521) bits.
  • Firefox 2 supports the TLS server name indication extension to facilitate secure connections to servers hosting multiple virtual servers on a single underlying network address, as per RFC 3546.
  • When Firefox 2 makes an OCSP request to validate a web server's certificate, it now uses the proxy that has been configured for normal HTTP traffic.

Determining what ciphers are available

As always, you can find out what ciphers are supported -- and which are enabled or disabled -- by going to about:config and searching on "ssl" or "tls".
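The same check can be run offline against a profile's preference file. This is an added example, not part of the original article: it assumes preferences changed from their defaults are stored as user_pref("name", value); lines (the prefs.js / user.js format), flags any security.ssl2.* preference set to true, and lists the other user-set preferences whose names contain "ssl" or "tls". The function names and the sample preference entries are constructed for illustration; only the security.ssl2. prefix comes from the article.

```python
import re

# One user_pref("name", value); statement as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} with booleans/ints decoded and strings unquoted."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Split user-set SSL/TLS prefs into SSLv2 re-enables and other overrides."""
    prefs = parse_prefs(text)
    # Preferences under security.ssl2.* that a user has switched back on.
    ssl2_on = sorted(n for n, v in prefs.items()
                     if n.startswith("security.ssl2.") and v is True)
    # Everything else an about:config search for "ssl" or "tls" would show as user-set.
    other = {n: v for n, v in prefs.items()
             if ("ssl" in n or "tls" in n) and n not in ssl2_on}
    return ssl2_on, other

# Constructed sample file contents (not taken from a real profile).
SAMPLE = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("security.ssl2.rc4_128", true);
user_pref("security.ssl2.des_64", false);
// user_pref("security.ssl2.rc4_40", true);
user_pref("security.enable_tls", true);
'''

if __name__ == "__main__":
    ssl2_on, other = audit(SAMPLE)
    for name in ssl2_on:
        print("SSLv2 re-enabled:", name)
    for name, value in sorted(other.items()):
        print("user-set:", name, "=", value)
```

Commented-out lines are ignored because the pattern only matches statements that begin a line.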

Security improved for the jar: protocol

In order to correct a potential security problem when using the jar: protocol, it's now necessary to serve JAR files with the MIME type application/java-archive. See Security and the jar protocol for further details.
