AnsweredAssumed Answered

Firefox logjam quick fix

Question asked by j-mailor on Jun 3, 2015
Latest reply on Jun 3, 2015 by j-mailor

I was inspired by Chrome logjam quick fix thread. I use Firefox and according to the bug Mozilla Firefox tracker 1138554 – NSS accepts export-length DHE keys with regular DHE cipher suites this security problem is not going to be fixed in Firefox 38.x. See header of bug tracker - there are  statuses:

status-firefox38:     wontfix

status-firefox38.0.5:     wontfix

status-firefox39:     fixed


According to Mozilla Release schedule Releases - MozillaWiki Firefox 39 is going to be released June 23, 2015, so three weeks to wait. That is just too much for my taste.

 

Fix is just to disable two cipher is about:config, see how to: http://forums.mozillazine.org/viewtopic.php?p=14165963&sid=d5c12854f379b00d84c7411409acc19e#p14165963

 

By the way SSL client test Qualys SSL Labs - Projects / SSL Client Test is little bit misleading to tell people to upgrade as soon as possible. Firefox Users can't upgrade at the moment, the only way is to disable two DHE ciphers.

Outcomes