Heartbleed vs Firefox in year 2020. What is going on?

    * Everyone is still using OpenSSL instead of LibreSSL, and in lieu of Heartbleed let's look at DEFAULT Firefox (year 2020) configs:

    security.ssl.require_safe_negotiation ---> Default value is FALSE
    security.ssl.treat_unsafe_negotiation_as_broken ---> Default value is FALSE

    Does anyone have any thoughts about it?

  • #2
    My thought is the world is full of web sites that haven't been patched in ... well, in some cases, ever. Will changing those break a lot of sites? If so, most end users won't know to go in and change them; they will just say "Hey, Chrome works and Firefox sucks" or something to that effect. Is it fair? No. Is that the real world? Yes.


    • #3
      Good luck with MITM attacks on your connection, esp. with your bank. Everyone can tap in the middle. Without these two settings Firefox will not report broken SSL communication. You want this, your problem mr fakename.