This document is provided by Netscape for
your information only. It may help you take certain steps to
protect the privacy and security of your personal information on
the Internet. This document does not, however, address all online
privacy and security issues, nor does it represent a recommendation
by Netscape about what constitutes adequate privacy and security
protection on the Internet.
SSL Settings
This section describes how to set your SSL preferences and
ciphers.
Privacy & Security Preferences - SSL
This section describes how to use the SSL preferences panel. If
you are not already viewing the panel, follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy & Security category, click SSL. (If no
subcategories are visible, double-click Privacy & Security to
expand the list.)
SSL Protocol Versions
The Secure Sockets Layer (SSL) protocol defines rules governing
mutual authentication between a web site and browser software and
the encryption of information that flows between them. The
Transport Layer Security (TLS) protocol is an IETF standard based
on SSL. TLS 1.0 can be thought of as SSL 3.1.
You should normally leave these three checkboxes selected to
ensure that both older and newer web servers can work with the
browser:
- Enable SSL version 2: Allows older web servers to work
with the browser.
- Enable SSL version 3: Allows newer web servers to work
with the browser.
- Enable TLS: Allows web servers that support TLS to take
advantage of it.
To turn individual ciphers on or off, click the Edit Ciphers
button:
- Edit Ciphers: Don't attempt to edit ciphers individually
unless you know exactly what you are doing and have cleared the
changes with your system administrator. For more information, see
Edit Ciphers.
Important note re TLS: Some servers that do not implement
SSL correctly cannot negotiate the SSL handshake with client
software (such as the browser) that supports TLS. Such servers are
known as "TLS intolerant."
When the Enable TLS option in the SSL preferences panel is
selected, the browser attempts to use the TLS protocol when making
secure connections with a server. If that connection fails because
the server is TLS intolerant, the browser will fall back to using
SSL 3.0.
SSL Warnings
It's easy to tell when the web site you are viewing is using an
encrypted connection. If the connection is encrypted, the lock icon
in the lower-right corner of the Navigator window is locked. If the
connection is not encrypted, the lock icon is unlocked.
If you want additional warnings, you can select one or more of
the warning checkboxes in the SSL preferences panel. Some people
find these warnings annoying.
To activate any of these Navigator warnings, select the
corresponding checkbox:
- Loading a page that supports encryption: Select this
warning if you want to be reminded whenever you are loading a page
that supports encryption.
- Loading a page that uses low-grade encryption: Select
this warning if you want to be reminded whenever you are loading a
page that supports low-grade encryption. (Low-grade encryption is
the weakest encryption available, using 40-bit keys.)
- Leaving a page that supports encryption: Select this
warning if you want to be reminded whenever you are leaving a page
that supports encryption for one that does not.
- Sending form data from an unencrypted page to an unencrypted
page: Select this warning if you want to be reminded whenever
you are submitting data over an unencrypted connection. If you send
unencrypted information over the Internet, it can easily be
intercepted by other people.
- Viewing a page with an encrypted/unencrypted mix: Select
this warning if you want to be alerted whenever you are viewing a
page that includes any information that's not encrypted.
For short definitions, click authentication, encryption, or
certificate.
Edit Ciphers
This section describes how to use the Edit Ciphers dialog box.
If you're not already viewing it, follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy & Security category, click SSL. (If no
subcategories are visible, double-click Privacy & Security to
expand the list.)
- Click the Edit Ciphers button.
The Edit Ciphers dialog box allows you to select or deselect
ciphers, or cryptographic algorithms. Consult your system
administrator before changing any of these settings.
Each checkbox corresponds to a cipher suite, or set of
cryptographic algorithms. To view information about a cipher suite,
click Details.
The following information is displayed for the selected cipher
suite:
- Encryption algorithm: Used for bulk encryption and
decryption.
- Authentication Algorithm: Used to determine the server
or client's identity.
- Key Algorithm: Governs the way in which the server and
client determine the symmetric keys they will both use during an
SSL session.
- Effective Key Size: The size of the keys used with this
cipher suite. (Encryption strength depends on both encryption
algorithm and key size.)
- MAC Algorithm: Used for tamper detection and data
verification; sometimes called message digest or hash
algorithm.
- Other Attributes. These can include the following:
  - FIPS. Complies with Federal Information Processing
    Standards Publications (FIPS PUBS) 140-1. Many products sold to the
    US government must comply with one or more FIPS standards.
  - IsExportable. Cipher suite was legally exportable under
    regulations published by the U.S. Department of Commerce that
    previously limited the encryption strength of exported products.
    Those regulations have since been loosened.
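
As an added example (not part of Netscape's documentation or code), the Python below derives most of the fields listed above, plus the "low-grade" flag defined under SSL Warnings, from a cipher suite's standard name. The suite names follow RFC 2246; the function names, the key-size table and the sample list are assumptions made for this illustration, and the FIPS attribute is omitted because it cannot be read from a name.

```python
import re

# Effective key size in bits per bulk-cipher token (table assumed for this
# example; 3DES is listed with its nominal 168-bit key length).
CIPHER_BITS = {
    "NULL": 0, "RC4_40": 40, "RC2_CBC_40": 40, "DES40_CBC": 40,
    "DES_CBC": 56, "RC4_128": 128, "3DES_EDE_CBC": 168,
}

def describe_suite(name):
    """Split a suite name into the fields a Details view would list."""
    m = re.fullmatch(r"(?:SSL|TLS)_(.+)_WITH_(.+)_(MD5|SHA)", name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx, cipher, mac = m.groups()
    if cipher not in CIPHER_BITS:
        raise ValueError(f"unknown encryption algorithm: {cipher}")
    exportable = kx.endswith("_EXPORT")
    if exportable:
        kx = kx[: -len("_EXPORT")]
    # "DHE_RSA": DHE key agreement authenticated with RSA. Plain "RSA" does
    # both jobs. "DH_anon" performs no authentication at all.
    key_alg, _, auth = kx.partition("_")
    auth = {"": key_alg, "anon": "none"}.get(auth, auth)
    bits = CIPHER_BITS[cipher]
    return {
        "encryption": cipher, "authentication": auth, "key": key_alg,
        "effective_key_size": bits, "mac": mac, "exportable": exportable,
        "low_grade": 0 < bits <= 40,  # the page's definition: 40-bit keys
    }

def low_grade(names):
    """Return the suites that meet the page's low-grade definition."""
    return [n for n in names if describe_suite(n)["low_grade"]]

# Constructed sample list, not copied from the Edit Ciphers dialog.
SAMPLE = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DH_anon_WITH_DES_CBC_SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(suite, describe_suite(suite))
    print("low-grade:", low_grade(SAMPLE))
```
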
For more information about ciphers and encryption, see the
following online documents:
11 March 2003
Copyright © 1994-2003 Netscape Communications
Corporation.