Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Edit cipher suites, default suites list, all info in one panel tab etc. #53

Open
sibiantony opened this issue Dec 10, 2015 · 1 comment
Open

Edit cipher suites, default suites list, all info in one panel tab etc. #53

sibiantony opened this issue Dec 10, 2015 · 1 comment

Comments

@sibiantony
Copy link
Owner

From e-mail. Anonymous Joe writes

Now for the annoying suggestions:

  1. It should be easier to edit the cipher suites - I gave up on the clicking, went into about:config, figured out the layout and then used notepad and found it much, much easier (I could find no way of moving a cipher from one list to another, for example). How about a simple text editing window? Or are you committed to the slick all-buttons and check-boxes look?)

  2. It might be useful to do more fine-grained blocking. in case you are interested, here is what I added (feel free to use and abuse) - these are what some experts (that is, random people on the Internet) say should be blocked (I also made them blocked by default):

{"name":"3DES suites","list":
["dhe_rsa_des_ede3_sha","ecdhe_rsa_des_ede3_sha","rsa_des_ede3_sha"],"state":"disable"},{"name":"DSS Key Exchange","list":
["dhe_dss_aes_128_sha","dhe_dss_aes_256_sha"],"state":"disable"},{"name":"DHE Key > Exchange","list":
["dhe_rsa_aes_128_sha","dhe_rsa_aes_256_sha"],"state":"disable"}

  1. Have you considered the option of having all the information visible in one panel? Or at least the two first panels, with the cipher suites separately? Perhaps as a configuration option? After all, most screens have loads of space and no-one keeps the SSLeuth display open while surfing (can't probably be done, anyway), but only occasionally.

Either way, I thought you might be interested in seeing what people are doing with your add-on!

Keep up the good work!

Anonymous Joe

P.S. I never could get the keyboard shortcut to work - though perhaps it was a conflict with some other add-on - haven't bothered to investigate"
@sibiantony
Copy link
Owner Author

For the sake of 'Joe', who wanted to remain anonymous, here's what I think of these :

  1. The cipher suites editing is a one time task. Nobody has to go through that repeatedly. Yes, the clickety can be annoying. But once set, they only need to be toggled.
    The UI is only meant for convenience, for those who are not familiar with what to configure and how to. Or else, as you had figured out, go to about:config, find the key extensions.ssleuth.suites.toggle and edit the lists.
    To create a parallel UI to do a raw edit is overkill. Besides, if there are errors in the syntax/names, that can screw up toggling too.
  2. For many reasons, I don't want to put up lists that disable cipher suites by default. Because, not all users are 'experts', and not all users really understand how to make things work if disabled cipher suites break loading a website.
    Why I built custom lists is that, people who understand it can use it to toggle easily.
    Creating more lists and setting them to their default state is possible. Will track that in this issue.
  3. Panel UI is a lot of work. But yes, thanks for the suggestion. Will keep that in mind.
  4. Keyboard shortcut - There are problems with some keyboard types (for eg. German layout). It's easy to change the default key combination. More on that here : https://github.com/sibiantony/ssleuth/#keyboard-shortcut

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sibiantony