How To Make Your Browser A Little More Secure

I searched high and low on the internet for a guide to secure my browsing session and prevent web servers from preferring insecure SSL sessions. Many websites, such as amazon.com, in an effort to gain better performance, will prefer slightly more insecure methods for establishing a secure SSL session. Unfortunately, I have not found a way to override that preference with the client (browser) preference instead. However, it's probably a better idea to disable any and all weak encryption algorithms anyway. Two very useful links for verifying both a browser's and a web server's security stance are given below:

Browser accepted security protocols:
https://cc.dcsec.uni-hannover.de/

Web Server accepted security protocols:
https://www.ssllabs.com/ssltest/index.html

Step 1: 
Stop using browsers that do not support SSL encryption algorithm configuration. (Sorry Chrome)

Step 2: 
Download Firefox, which does allow one to

Step 3: 
Go To: about:config

Step 4: 
Search: security.ssl3.

Step 5: 
Set to false every entry that does not start with ecdhe, ecdh or dhe.
Set to false every entry that contains des, md5, dss, aes_128, rc4, camellia, etc.


My list is:

  • security.ssl3.ecdhe_rsa_aes_256_sha;true
  • security.ssl3.ecdhe_ecdsa_aes_256_sha;true
  • security.ssl3.ecdh_rsa_aes_256_sha;true
  • security.ssl3.ecdh_ecdsa_aes_256_sha;true
  • security.ssl3.dhe_rsa_aes_256_sha;true

EVERYTHING ELSE IS FALSE

Sadly, many websites will not support this, so if you run into trouble, enabling this one will fix it, although RSA seems to be questionable due to the recent security leaks that have been in the news.


  • security.ssl3.rsa_aes_256_sha;true
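
The Step 5 rule and the RSA fallback above can also be applied mechanically. The following is an added example, not part of the original post: it filters a list of security.ssl3.* names and prints them as user_pref lines, the format Firefox reads from a user.js file in the profile folder. The pref names that are not in the post's own list are sample input and are an assumption; replace them with the names your about:config shows.

```javascript
// Added example: apply the Step 5 rule to security.ssl3.* prefs and emit
// user.js lines. Function and constant names here are illustrative.
const KEEP_PREFIXES = ["ecdhe_", "ecdh_", "dhe_"];
// Weak markers named in Step 5 (the post's "etc." is not expanded here).
const WEAK_MARKERS = ["des", "md5", "dss", "aes_128", "rc4", "camellia"];

// Constructed sample input: the first six names come from the post, the
// rest are assumed examples of entries the rule should switch off.
const SAMPLE_PREFS = [
  "security.ssl3.ecdhe_rsa_aes_256_sha",
  "security.ssl3.ecdhe_ecdsa_aes_256_sha",
  "security.ssl3.ecdh_rsa_aes_256_sha",
  "security.ssl3.ecdh_ecdsa_aes_256_sha",
  "security.ssl3.dhe_rsa_aes_256_sha",
  "security.ssl3.rsa_aes_256_sha",
  "security.ssl3.rsa_aes_128_sha",
  "security.ssl3.rsa_rc4_128_md5",
  "security.ssl3.rsa_des_ede3_sha",
  "security.ssl3.dhe_rsa_aes_128_sha",
  "security.ssl3.dhe_dss_aes_256_sha",
  "security.ssl3.dhe_rsa_camellia_256_sha",
  "security.ssl3.ecdhe_rsa_rc4_128_sha",
];

// True when the suite passes both Step 5 conditions: an ecdhe/ecdh/dhe
// key exchange and none of the weak markers anywhere in the name.
function keepSuite(prefName) {
  const suite = prefName.replace(/^security\.ssl3\./, "");
  const goodKeyExchange = KEEP_PREFIXES.some((p) => suite.startsWith(p));
  const weak = WEAK_MARKERS.some((m) => suite.includes(m));
  return goodKeyExchange && !weak;
}

// fallback: pref names to leave on regardless of the rule, e.g. the
// post's rsa_aes_256_sha compatibility entry.
function buildUserJs(prefNames, fallback = []) {
  return prefNames
    .filter((n) => n.startsWith("security.ssl3."))
    .map((n) => `user_pref("${n}", ${keepSuite(n) || fallback.includes(n)});`)
    .join("\n");
}

// Strict profile: only the five suites from the post's list stay true.
console.log(buildUserJs(SAMPLE_PREFS));
```

Passing `["security.ssl3.rsa_aes_256_sha"]` as the second argument to `buildUserJs` produces the compatibility variant described above.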
