Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox is sending disabled list of ciphers too in client hello ( ssl handshake)

  • 1 reply
  • 3 have this problem
  • 13 views
  • Last reply by cor-el

more options

under C:\Program Files\Mozilla Firefox\defaults\pref\ this folder , i have created a security-perfs.js file which has got the information about the disabled and enabled list of ciphers and ssl version.

In this file , i have made only one cipher enabled .. rest all the cipher are false. So during the SSL handshake i should see only one cipher being sent in the client hello request ( by firefox )... But i could see a big list of cipher is being sent by the client ( firefox ) in client hello request.

BTW: in about:config .. i could see only one cipher is enabled rest are disabled. so the changes are getting reflected in the firefox using security-perfs.js file.

I am using windows XP.

so can some one help me here.

Thanks + Tanuj

under C:\Program Files\Mozilla Firefox\defaults\pref\ this folder , i have created a security-perfs.js file which has got the information about the disabled and enabled list of ciphers and ssl version. In this file , i have made only one cipher enabled .. rest all the cipher are false. So during the SSL handshake i should see only one cipher being sent in the client hello request ( by firefox )... But i could see a big list of cipher is being sent by the client ( firefox ) in client hello request. BTW: in about:config .. i could see only one cipher is enabled rest are disabled. so the changes are getting reflected in the firefox using security-perfs.js file. I am using windows XP. so can some one help me here. Thanks + Tanuj

Modified by Tanuj

All Replies (1)

more options

Files in that folder are used to initialize a new profile and doesn't have otherwise any effect.

You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.

Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.

pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0); // use this to disable the byte-shift

See:

You can use these functions in mozilla.cfg:

defaultPref();  // set new default value
pref();         // set pref, but allow changes in current session
lockPref();     // lock pref, disallow changes