On 10 Dec 2020, at 07:38, Tom Browder <tom.browder@xxxxxxxxx> wrote: > When I last serious upgrades to my servers last July one problem with using TLS 1.3 was that the Firefox browser couldn't use it as because of post-handshake problems. So I'm currently running TLSv1.2. Firefox in general? Or some specific (or old) version? It has no issues connecting to TLS 1.4 for me. All you have to do for TLS 1.2 to be secure agains BREACH/CRIME is to disable the header compression, if you are unlucky enough to have an implementation that enabeld it by default. If you have recent-ish versions of openSSL I don't think you can enable compression without patching and rebuilding. (I don't run Firefox myself, but I launch it every few months to make sure my stuff at least loads on it) -- Say, give it up, give it up, television's taking its toll That's enough, that's enough, gimme the remote control I've been nice, I've been good, please don't do this to me Turn it off, turn it off, I don't want to have to see --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|