Opened 2 weeks ago

Last modified 2 weeks ago

#2665 new enhancement

harden I2PBrowser - TLS,Punycode

Reported by: anonymous maybe Owned by: Meeh
Priority: minor Milestone: n/a
Component: apps/browser Version: n/a
Keywords: Cc: idk, sadie
Parent Tickets: Sensitive: no

Description

TLS:

now TLS 1.0,1.1 considered weak encryption only 1.2,1.3 is considered safe to be used. to harden tls readings go to about:config → search for security.tls.version.min → change it to 3.

Punycode Phishing Attack:

It has been discovered that a 3 years old ticked didnt resolved to fix this vulnerability read more about it:

https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

https://www.xudongz.com/blog/2017/idn-phishing/

https://bugzilla.mozilla.org/show_bug.cgi?id=1332714

https://trac.torproject.org/projects/tor/ticket/21961#comment:18

about:config → network.IDN_show_punycode → true

Subtickets

Change History (1)

comment:1 Changed 2 weeks ago by anonymous maybe

Cc: idk sadie added
Note: See TracTickets for help on using tickets.