user.js Test whether the world is ready for security.ssl.require_safe

Mar 13 '17 21:03 pyllyukko

Seems like one of the many implementations that web admins tend to ignore: https://forum.palemoon.org/viewtopic.php?t=14549#p104106

Mar 14 '17 17:03 Atavic

It's not a matter of configuration, but upgrading the underlying TLS library to a version that supports RFC5746.

Mar 18 '17 08:03 pyllyukko

At least www.vmware.com is not ready :frowning_face:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

Apr 11 '17 11:04 pyllyukko

World doesn't seem ready yet, as RFC is actually supported by OpenSSL and others, but it's rarely implemented on the mail and webservers?

On Thunderbird: security.ssl.warn_missing_rfc5746;1

May 29 '17 18:05 Atavic

I know this is ancient but just adding that this broke Hulu login (auth.hulu.com) for me. 😞

Feb 01 '19 16:02 jakejarvis

Blame Hulu admins.

Feb 01 '19 18:02 Atavic

@Atavic oh yes, to be clear I'm definitely not blaming you guys! I'm just sad that some of the biggest websites are still way behind on implementing this almost two years later.

Feb 01 '19 18:02 jakejarvis

identify.nordea.com not ready :(

nordea