Web browsers like Firefox ship with sets of cipher suites that the browser uses to protect data that is transferred between the web browser and secure websites.
When a browser connects to a secure website negotiations take place in which the client provides the server with a list of supported cipher suites, and information about the preferred cipher suite and SSL/TLS protocol version.
The server may then accept the client's preferences if supported, or ignore them to deliver a cipher suite of its own which it prioritizes.
In the end, client and server either agree on the use of a cipher suite or the connection attempt fails.
Browsers like Firefox support several cipher suites to ensure compatibility with secure servers and sites on the Internet.
While that is a good thing, it may sometimes mean that insecure or vulnerable cipher suites are being used or are still supported.
A recent example is the RC4 Cipher which many browsers have deprecated recently because it is not secure anymore. While many companies who produce browsers have reacted to this threat, you could have blocked RC4 manually before those changes took affect.
Firefox users can control the cipher suites in the browser on about:config.
Firefox lists all cipher suites as a result, and you may enable or disable any of those by toggling the value with a double-click on the preference name.
A value of true means the cipher suite is enabled, one of false that it is not available.
Toggle Cipher Suites is a new browser extension for the Firefox web browser that enables you to manage cipher suites in the browser.
Basically, what it does is provide you with an interface to enable or disable individual cipher suites so that you don't need to open about:config to do so.
The extension adds an icon to the main toolbar of Firefox, and a click on it reveals all supported cipher suites and their state.
You can click on the menu next to any cipher suite to toggle it, for instance from enabled to disabled.
The add-on links furthermore to the two SSL tests linked above so that you can run a check of the new configuration right after you make modifications.
Webmasters may use the add-on or the manual method to disable certain cipher suites to test web servers, and users to block cipher suites that are no longer secure.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.