j.maxuel at gmail.com
Thu Apr 18 07:31:52 ADT 2019
I have encountered the reverse problem with modern browsers. Firefox and
chromium (and derivatives) don't like, or refuse to do TLS 1.0 at this
point (Firefox needs a few security options flipped to resolve this,
chromium has no workaround AFAIK).
FWIW, I do have a use case for this, and no, it's not for anything outside
operates under a short whitelist.
Browsers change behaviour (Chrome has since moved or removed this detail
however if you can find the right version of any of the popular ones):
Example, slashdot now forwards HTTP traffic to HTTPS with "TLS 1.2, AES
with 256 bit encryption (High); ECDH_P384 with 256 bit exchange".
Alternatively, you can share (if comfortable in doing so) a couple websites
that you suspect have changed their base security settings (and we can look
at the HTTPS details).
"One should strive to achieve, not sit in bitter regret."
- Ronan Harris / Mark Jackson
On Thu, Apr 18, 2019 at 2:58 AM Mike Spencer <mspencer at tallships.ca> wrote:
> I'm encountering web sites that a browser won't talk to. Variously,
> there's a report of a crypto mismatch or the remote site just closes
> the connection.
> Browsers both claim to support TLS 1.2.
> Are sites already requiring TLS 1.3? Or do some implementations use
> differing crypto protocols unsupported by others? Or something else?
> Is there a way, short of deciphering a packet sniffer's output (such
> as Wireshark) to get a report on what, exactly, happens in the setup
> negotiation for HTTPS? wget(1) will report the HTTP headers but not what
> happens in the security setup phase.
> Is there a way to beat this up, understand what's going on, without
> reading a slew of RFCs?
> - Mike
> I know, I know, "Do you have the latest browser available?" No, I
> don't. Every new version implements something I don't want that I
> have to try to disable or disables something I rely on forcing a
> work-around or abject submission. I just learned about the "ping"
> attribute for anchor tags, one more thing to filter.
> Michael Spencer Nova Scotia, Canada .~.
> mspencer at tallships.ca /( )\
> http://home.tallships.ca/mspencer/ ^^-^^
> nSLUG mailing list
> nSLUG at nslug.ns.ca
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nSLUG