Closed
Bug 1430671
Opened 6 years ago
Closed 6 years ago
Disable 3DES suites
Categories
(Firefox :: Security, enhancement)
RESOLVED
DUPLICATE
of bug 1227524
People
(Reporter: mark, Unassigned)
Details
Triple-DES is a known weak cipher with feasible attacks similar to RC4. It should be disabled by default in Firefox. Having it enabled and actively negotiated is a risk for users of Firefox.

I'm aware that mainstream browsers need to be careful about these things because they may "break the web", but the number of sites affected is relatively small (we've been running without 3DES for over a year -- since Sept 2016 -- and only a small handful of sites, almost invariably running IIS 6.0 (!), are problematic to this day; others have cleaned up their act after our users notified them).

It's clear that the sites still left despite evangelism are not going to change their ways unless they are forced to. It's about time this particular status quo is broken. This is 2018; people should no longer be running 15+ year old server software for public "secure" servers that is 3 years past EoL for the OS it came with (Server 2003). Someone has to go first -- might as well be the browser that positions itself as valuing privacy and security highly.

(I did search for other bugs but surprisingly found none filed for this change.)
Comment 1•6 years ago
This is tracked in bug 1227524.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE