The current state of ecommerce

Acanthus

Lifer
Aug 28, 2001
19,915
2
76
ostif.org
https://vikingvpn.com/blogs/security/the-state-of-ecommerce-security

It is hilariously bad to me that Firefox is using 11-year old ciphersuites. I can't fathom why this hasn't been a priority for them to update, especially with with the advances against RC4 and RSA.

I ran headlong into this issue when trying to decide on the cipher order for the VikingVPN web server.

You are basically sacrificing a huge level of security to support browsers that are over a decade behind.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,044
184
116
That is pretty crazy! but it is a huge problem to resolve also.
I've been checking the TLS 1.1/1.2 boxes in IE 10 but Firefox doesn't even have those options right??
 

Acanthus

Lifer
Aug 28, 2001
19,915
2
76
ostif.org
That is pretty crazy! but it is a huge problem to resolve also.
I've been checking the TLS 1.1/1.2 boxes in IE 10 but Firefox doesn't even have those options right??

Yeah, Firefox only supports TLS1.0. Opera was that way too for a long time, but they have just upgraded to TLS 1.1.
 

Acanthus

Lifer
Aug 28, 2001
19,915
2
76
ostif.org
Hmm... so anyone have any idea when firefox will support TLS 1.2?

It is in the current beta if you manually enable it. It has a boatload of problems though.

The conversations i have seen amongst the devs have said that it is two revisions out, since the current beta is already aurora.