IndicateTLS highlights TLS security protocol version in Firefox's address bar
IndicateTLS is a browser extension for the Firefox web browser that highlights the security protocol that a website uses in the Firefox address bar. Additionally, it provides detailed security information about certain security features and the protocol.
If you see HTTPS in the Firefox address bar you know that the connection to the site is encrypted. While that is good, it is not clear immediately which protocol version browser and site negotiated for the connection.
Browser makers like Mozilla have plans to drop support for old security protocols, TLS 1.0 and TLS 1.1 in particular; the deprecation has been delayed due to Coronavirus but TLS 1.2 and 1.3 will become the standard protocols for all sites going forward.
Browsers don't show whether a connection uses TLS 1.2 or 1.3 by default. As a Firefox user, you may right-click on the page, select Page Info and switch to the Security tab to see the technical details of the connection. These include which security protocol version is used.
The Firefox add-on IndicateTLS brings the information to the forefront. The extension displays the version of the protocol in the Firefox address bar next to the bookmarks icon.
There you find listed the version, e.g. 1.2 as in the example screenshot above. A click on the icon displays technical details. These include at the time of writing:
- The protocol that is used.
- The connection state, e.g. secure.
- The cipher suite.
- Whether Forward Secrecy is enabled.
- Whether HSTS preload is enabled.
- Information about the certificate.
Switch to the resources tab in the interface to display information about loaded resources and technical details for each.
Links to the SSL testing site SSL Labs are provided to run additional tests and get more information about the status of a connection.
Closing Words
IndicateTLS is a useful extension for Firefox as it highlights the protocol version of the connection in the address bar. Developers benefit from the extension the most as they may use it to check sites and make sure everything is configured correctly. Regular users may find it useful as well as it provides more information on the status of the connection than Firefox in its frontend.
Now You: Do you check connections to make sure they are secure?
I don’t check security connections, so this is a very useful extension! It’s good to read addons reviews. I am asking myself which are the best addons for Firefox right now. Thank you @Martin! :]
SSLeuth is finally BACK!
Now I can get all scared about how many major institutions I am forced to log into have pathetic “secure” setups again.
What would I do without this anxiety inducing tool!??? :)
What this sort of tool is missing is an method for it’s alert users to shame the sites they discovers are sub-par with their SSL configurations.
Thanks for this. As a beginner, useful way to learn more about this complex topic. Ghacks shows as 1.2, so what would need to happen to get it to 1.3 (or what stops it etc) and what benefits would that bring?
:+1: at jannispinter the dev.
Reposted at the comprehensive user.js template for configuring and hardening Firefox:
https://github.com/ghacksuserjs/ghacks-user.js/
A few words about cybersecurity and anonymity. If you are looking for this you should choose Utopia, because it really works.
Anyone know what the icons means when it shows 1.3 but there is a red slash through it? The documentation on the add-on is pretty sparse.