Firefox SSL settings

Setup your Mozilla Firefox browser on your PC or Smartphone to have strong encryption and better privacy by eliminating the weak SSL encryption. Look at the image here og further below in plain text.

Once after you setup your Firefox browser and / or PC, along with allowed addons on your PC (Smartphone only allows WebRTC, HTTPS Everywhere, I don't care about cookies, Privacy Badger, uBlock Origin, AdBlocker for YouTube, YouTube No Annotations).

• Only in PC setup your GPedit.msc to only use strong encryption also on your Internet Option disabling the weak SSL and TLS encryptions.

Opinion: Dropped (Disabled) TLS 1.0 and TLS 1.1 are good, but not good enough. It should just be removed outright. Also adding DHE_RSA_AES_CBC and RSA_AES_GCM does not make it even better, it is still highly easily obtainable and still not good enough encryption due to not having forward secrecy. Since there are no real encryption for DHE_RSA_AES_CBC not but least also RSA_AES_GCM. They should just not exist on any browser encryption.

Firefox 78.0 has new vulnerability, so, if you want to update, please, configure your SSL encryption to add our new encryption vulnerabilities. Hence they now dropped TLS 1.0 and 1.1 along with added DHE and RSA_AES_GCM cipher suites, this causes to have cipher suites open vulnerability among it. Who didn't made any encryption verification, I have no clue, and it has seriously impact if you don't take care of it!

Release date for Firefox 78.0 June 30th 2020. It was still an issue on Firefox 78.0.1. Confirmed fix on 78.0.2.

If you have chosen to install the latest version of Firefox, please at once add two encryptions and disable them by Boolean configuration setting. The following encryptions: (dhe_rsa_aes_128_cbc_sha and dhe_rsa_aes_256_cbc_sha and) rsa_aes_128_gcm_sha256 and rsa_aes_256_gcm_sha384. You may leave the last one enabled, since Microsoft Support, Online Banking and Providers seems to be very fund of this very low encryption RSA _AES_SHA very much. Because it is cheap, so they don''t care about your online safety. If you ask me, better upgrade that encryption, if you don't want to risk issues in the further future.

Firefox has now removed DHE_RSA_AES_CBC that seemed to be overseen when they released Firefox 78.0.0, and on patch they have removed it on 78.0.2 and it was released July 9, 2020.

These are not included on the Firefox 78.0 SSL encryption configurations, please, add these, they are necessary to be added and disable them!

When you start your browser, type in

about:config

press enter.

Type in the searchbar ' SSL '.

1. Add encryption by it's encryption name: dhe_rsa_aes_128_cbc_sha - here below is the full name you can copy and add it as disabled boolean:

security.ssl3.dhe_rsa_aes_128_cbc_sha

2. Add encryption by it's encryption name: dhe_rsa_aes_256_cbc_sha - here below is the full name you can copy and add it as disabled boolean:

security.ssl3.dhe_rsa_aes_256_cbc_sha

1. Add encryption by it's encryption name: rsa_aes_128_gcm_sha256 - here below is the full name you can copy and add it as disabled boolean:

security.ssl3.rsa_aes_128_gcm_sha256

2. Add encryption by it's encryption name: rsa_aes_256_gcm_sha384 - here below is the full name you can copy and add it as disabled boolean:

security.ssl3.rsa_aes_256_gcm_sha384

This one you might want to keep, the last one, or enable it if the page you enter are from Microsoft Support, your online Banking or Telemarking provider or your public page that only seems to support such low encryption, that should never be accepted to begin with, because it is prone for attacks, but it is a little better than RSA_AES_SHA. Never than less, don't accept it unless you really have to visit it.

When you start your browser, type in

about:config

press enter.

Type in the searchbar ' SSL '.

1. Activate by changing it to true.

security.ssl.errorReporting.automatic

2. Disable low encryption by changing it to false.

security.ssl3.dhe_rsa_aes_128_sha

3. Disable low encryption by changing it to false.

security.ssl3.dhe_rsa_aes_256_sha

4. Disable low encryption by changing it to false.

security.ssl3.ecdhe_ecdsa_aes_128_sha

5. Disable low encryption by changing it to false.

security.ssl3.ecdhe_rsa_aes_128_sha

6. Disable low encryption by changing it to false.

security.ssl3.rsa_aes_128_sha

7. Disable low encryption by changing it to false.

security.ssl3.rsa_des_ede3_sha

For overall and overkill best encryption done by with test from Qualys SSL Labs with ' Test your browser ' test these are best to disable according to the result.

When you start your browser, type in

about:config

press enter.

Type in the searchbar ' SSL '.

1. Activate by changing it to true.

security.ssl.errorReporting.automatic

2. Disable low encryption by changing it to false.

security.ssl3.dhe_rsa_aes_128_sha

3. Disable low encryption by changing it to false.

security.ssl3.dhe_rsa_aes_256_sha

4. Disable low encryption by changing it to false.

security.ssl3.ecdhe_ecdsa_aes_256_sha

5. Disable low encryption by changing it to false.

security.ssl3.ecdhe_ecdsa_aes_128_sha

6. Disable low encryption by changing it to false.

security.ssl3.ecdhe_rsa_aes_128_sha

7. Disable low encryption by changing it to false.

security.ssl3.ecdhe_rsa_aes_256_sha

8. Disable low encryption by changing it to false.

security.ssl3.rsa_aes_128_sha

9. Disable low encryption by changing it to false.

security.ssl3.rsa_aes_256_sha

10. Disable low encryption by changing it to false.

security.ssl3.rsa_des_ede3_sha

• This can cause unable to show sites when the owner or provider is using only lower encryption, so, you can end up activating encryption, suggestion to try refresh after activating one, if not deactivate then try next one until you can see the site after refresh: look further below after the image.

type in

about:config

press enter.

Type in the searchbar ' SSL '.

From the last one, go up once. It's the second.

1. Enable by changing it to True. Try refresh the site you can't see, if nothing happens, deactivate by changing to False.

security.ssl3.rsa_aes_256_sha

From last one, go up to fourth one. It's the fifth.

2. Enable by changing it to True. Try refresh the site you can't see, if nothing happens, deactivate by changing to False.

security.ssl3.ecdhe_rsa_aes_256_sha

From last one, go up to ninth one. It's the tenth.

3. Enable by changing it to True. Try refresh the site you can't see, if nothing happens, deactivate by changing to False.

security.ssl3.ecdhe_ecdsa_aes_256_sha