bad result in howsmyssl [Solved]

molens · October 22, 2014, 5:07pm

When I test Ice Dragon with the site howsmyssl.com I got as result:
Your SSL client is Bad. The reasons are the TLS client is vbad and very old. Furthermore I got this:Insecure Cipher Suites

Bad Your client supports cipher suites that are known to be insecure:

SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher was meant to die with SSL 3.0 and is of unknown safety.

What means all this? What is the solution?
Mod edit: Added solved to the topic title, Captainsticks.

captainsticks · October 23, 2014, 12:30am

Hi and welcome molens,
After changing the following setting IceDragon will then pass this test.

Type about:config into the address bar and enter.
Click the ‘I’ll be careful, I promise’ button.
Type security.ssl3.rsa_fips_des_ede3_sha into the search bar.
Double click the preference name that appears and change the setting from true to false, then OK.

Hope that helps.

molens · October 28, 2014, 10:15am

A part of your solution works, but I got this message:
Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn’t have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.
What can I do?

captainsticks · October 28, 2014, 10:29am

Hi molens,
Please see the addition information in the quote below, sorry I forgot to mention that previously.

Kind regards.

molens · October 28, 2014, 6:02pm

Thank you Global Moderator for your accurate answer. Everything works well!!!

captainsticks · October 29, 2014, 2:19am

You are welcome, glad to hear that it worked correctly. :-TU

JoWa · October 29, 2014, 7:35am

The current version of IceDragon (= Firefox 26) does not support AES-GCM. Support was added in Firefox 27.