On 6/9/18, Richard Owlett <rowl...@cloud85.net> wrote: > On 06/09/2018 09:29 AM, Steve Dunn wrote: >> On 2018-06-08 15:02, Andy K wrote: >>> June 30, 2018 is the deadline for disabling SSL/early TLS and >>> implementing a more secure encryption protocol – TLS 1.1 or higher >>> (TLS v1.2 is strongly encouraged) in order to meet the PCI Data >>> Security Standard (PCI DSS) for safeguarding payment data. >> [...] >>> In about:config, set security.tls.version.min to 2 to prevent >>> protocols lower than TLS 1.1 from being used. >> >> This is fine if you only use the browser to access sites that are >> compliant with payment industry standards. But most people use browsers >> for more than just online banking etc., and some of those sites may not >> support newer TLS versions. > > The vast majority of my transaction will be with my bank. > Is it reasonable to presume they will use the later standard?
Don't guess, see how well your bank does: https://www.ssllabs.com/ssltest/index.html >> So just remember that after making this >> change, you will probably break your browser's ability to access some >> sites; > > For the odd site that can use only the older standard, will I get an > informative error message? My recollection is no, you get something not terribly informative. (I allowed SSLv3 for ages until archive.org finally upgraded) I've got security.tls.version.min set to 3 and haven't found a site yet that fails - anyone know of a site that does TLS 1.1 but not TLS 1.2? >> you'll either need to keep switching your TLS minimum version >> back and forth, or use one browser for online banking etc. and a >> different browser for other activities. > > Will having distinct profiles address the issue adequately. > I currently use profiles that do/don't enable JavaScript and/or cookies > for similar purpose. > [I've a *NEGATIVE* view of both ;] Yes, that should work. Lee _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
