Any chance using a secure version of TSL and getting rid of the known insecure ciphers? TBB by default has a maximum TSL version is 1 and minimum is 0. And TBB is still using the well insecure cipher security.ssl3.rsa_fips_des_ede3_sha Really? Point your TBB browser to https://howsmyssl.com to see how bad TBB sucks at SSL.