26 May
2015
26 May
'15
2:27 p.m.
On the browser side, while waiting for vendor updates, Mozilla released https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/ which does something very similar to https://addons.mozilla.org/en-us/firefox/addon/strict-ssl3-configuration/ (shameless plug) which disables broken or weak ciphers. I'm not and advocate of adding not-already-provided extensions to the TorBrowser but YMMV, it all boils down to your threat model (see also the note on my extension page). Cheers, Marco