diff options
Diffstat (limited to 'files/ja/mozilla/firefox/releases/2/security_changes/index.html')
| -rw-r--r-- | files/ja/mozilla/firefox/releases/2/security_changes/index.html | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/files/ja/mozilla/firefox/releases/2/security_changes/index.html b/files/ja/mozilla/firefox/releases/2/security_changes/index.html new file mode 100644 index 0000000000..656e573ba9 --- /dev/null +++ b/files/ja/mozilla/firefox/releases/2/security_changes/index.html @@ -0,0 +1,32 @@ +--- +title: Firefox 2 のセキュリティ +slug: Mozilla/Firefox/Releases/2/Security_changes +translation_of: Mozilla/Firefox/Releases/2/Security_changes +--- +<div>{{FirefoxSidebar}}</div> + +<p>この記事では、Firefox 2 のセキュリティに影響を与える変更点について説明しています。</p> + +<h2 id="Weak_ciphers_disabled_by_default" name="Weak_ciphers_disabled_by_default">Weak ciphers disabled by default</h2> + +<p><a href="/en/Firefox_2_for_developers" title="en/Firefox_2_for_developers">Firefox 2</a> disables SSLv2 and the weak "export" cipher suites (those with key lengths less than 64 bits) by default, in favor of SSLv3. This provides improved security.</p> + +<p>The preferred encryption methods are <code>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</code> and <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code>. Some servers refer to these as <code>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</code> and <code>SSL_RSA_WITH_3DES_EDE_CBC_SHA</code>.</p> + +<p>If SSLv2 support must be enabled, it can be by setting the appropriate <code>security.ssl2.*</code> user preferences to <code>true</code>.</p> + +<h2 id="New_features" name="New_features">New features</h2> + +<ul> + <li>Firefox 2 supports <a class="external" href="http://en.wikipedia.org/wiki/Elliptic_curve_cryptography">Elliptic Curve Cryptography</a> in TLS. Support is presently limited to curves of 256, 384, and 521 (yes, 521) bits.</li> + <li>Firefox 2 supports the TLS server name indication extension to facilitate secure connections to servers hosting multiple virtual servers on a single underlying network address, as per <a class="external" href="http://tools.ietf.org/html/rfc3546" title="http://tools.ietf.org/html/rfc3546">RFC 3546</a>.</li> + <li>When Firefox 2 makes an <a class="external" href="http://en.wikipedia.org/wiki/Ocsp">OCSP</a> request to validate a web server's certificate, it now uses the proxy that has been configured for normal HTTP traffic.</li> +</ul> + +<h2 id="Determining_what_ciphers_are_available" name="Determining_what_ciphers_are_available">Determining what ciphers are available</h2> + +<p>As always, you can find out what ciphers are supported -- and which are enabled or disabled -- by going to about:config and searching on "ssl" or "tls".</p> + +<h2 id="Security_improved_for_the_jar_protocol">Security improved for the jar: protocol</h2> + +<p>In order to correct a potential security problem when using the <code>jar:</code> protocol, it's now necessary to serve JAR files with the MIME type <code>application/java-archive</code>. See <a href="/en/Security_and_the_jar_protocol" title="en/Security and the jar protocol">Security and the jar protocol</a> for further details.</p> |