On 10 Dec 2020, at 07:38, Tom Browder <[email protected]> wrote:
> When I last serious upgrades to my servers last July one problem with using
> TLS 1.3 was that the Firefox browser couldn't use it as because of
> post-handshake problems. So I'm currently running TLSv1.2.
Firefox in general? Or some specific (or old) version? It has no issues
connecting to TLS 1.4 for me. All you have to do for TLS 1.2 to be secure
agains BREACH/CRIME is to disable the header compression, if you are unlucky
enough to have an implementation that enabeld it by default. If you have
recent-ish versions of openSSL I don't think you can enable compression without
patching and rebuilding.
(I don't run Firefox myself, but I launch it every few months to make sure my
stuff at least loads on it)
--
Say, give it up, give it up, television's taking its toll That's
enough, that's enough, gimme the remote control I've been nice,
I've been good, please don't do this to me Turn it off, turn it
off, I don't want to have to see
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]