Improving the HTTPS of Firefox using HowsMySSL.com and about:config

The web site HowsMySSL gives Firefox 26.0 a score of BAD. That’s not good.

Here’s how to fix it.

Type “about:config” in your broswer URL bar. This goes to the configuration page for Firefox. When you get a warning, ignore it.

Enable TLS 1.2, and disable TLS 1.0

Search for “tls”. and you will see the following entries

security.tls.version.max
security.tls.version.min

Double-click on the “max” value and change it to “3”

Double-click on the “min” value, and change it to “1”

That fixes the TLS problem.

Eliminate 3DES from your cryptosuite

search for “_des_” – and you should see this list:

security.ssl3.dhe_dss_des_ede3_sha
security.ssl3.dhe_rsa_des_ede3_sha
security.ssl3.ecdh_ecdsa_des_ede3_sha
security.ssl3.ecdh_rsa_des_ede3_sha
security.ssl3.ecdhe_ecdsa_des_ede3_sha
security.ssl3.ecdhe_rsa_des_ede3_sha
security.ssl3.rsa_des_ede3_sha
security.ssl3.rsa_fips_des_ede3_sha

Double-click each one, setting them to “false”

3DES (Triple DES) is an obsolete encryption algorithm. It should not be used.

Now go back to http://howsmyssl.com/ and you should pass this time.

I’d like to thank for his blog post:

https://blog.dbrgn.ch/2014/1/8/improving_firefox_ssl_tls_security/

[Update – Brian Pardy’s Blog post has some more tips ]

Advertisements
This entry was posted in Security and tagged , , , , . Bookmark the permalink.

One Response to Improving the HTTPS of Firefox using HowsMySSL.com and about:config

  1. mrmarm says:

    For “eliminate 3DES”, if I only disable security.ssl3.rsa_fips_des_ede3_sha, it passes the test.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s