On Jan 2, 2008 11:55 AM, Paul Hoffman <[EMAIL PROTECTED]> wrote: > Greetings again. I have a need for a version of Firefox that allows > me to pick the specific ciphersuite offered in a TLS exchange. Having > not seen this in any Firefox plugin or extension, I suspect that this > might not be possible, but I could have missed the extension. > > Does anyone know of a way to force Firefox to only offer one > specified ciphersuite when starting a TLS connection? If not, is it > even possible? I'm OK if I have to use FF 3beta.
You can do this with the current versions of Firefox. In FF 2.0.0.x, you can only enable or disable SSL 3.0 and TLS 1.0 in the regular UI: Tools -> Options... -> Advanced -> Encryption. There are checkboxes for "Use SSL 3.0" and "Use TLS 1.0". (SSL 2.0 is disabled by default in FF 2.0.0.x." To enable or disable the cipher suites, you need to use the "about:config" interface. Type "about:config" into the location/address bar. Then type "ssl" or "tls" into the "Filter" text field. You will see all the SSL/TLS related configuration settings. For each cipher suite, you can click on its value to toggle between "true" and "false". The "security.ssl3.*" cipher suites apply to both SSL 3.0 and TLS 1.0 in spite of the "ssl3" in the settings' names. Note also the security.enable_ssl2 setting for enabling/disabling SSL 2.0. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
