MozillaWiki

Security:Renegotiation: Difference between revisions

Page Discussion

Security:Renegotiation (view source)

Revision as of 13:24, 10 December 2010

17 bytes added ,  10 December 2010
→‎security.ssl.require_safe_negotiation
Line 145: Line 145:
If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.


Setting this preference to “true” is the only way to guarantee full protection against the attack. Unfortunately, as of time of writing, this would break nearly all secure sites on the web. Update: As of December, this still applies for a majority of web sites.
Setting this preference to “true” is the only way to guarantee full protection against the attack. Unfortunately, as of time of (initial) writing, this would break nearly all secure sites on the web. (Update: As of December 2010, this still applies for a majority of web sites.)


Eventually, if enough sites have been upgraded to the new protocol versions, this preference will be set to “true” by default.
Eventually, if enough sites have been upgraded to the new protocol versions, this preference will be set to “true” by default.
Kaie
Confirmed users
563

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/273115"