blob: 656e573ba9692806f0fbb617a167bde18965240e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
---
title: Firefox 2 のセキュリティ
slug: Mozilla/Firefox/Releases/2/Security_changes
translation_of: Mozilla/Firefox/Releases/2/Security_changes
---
<div>{{FirefoxSidebar}}</div>
<p>この記事では、Firefox 2 のセキュリティに影響を与える変更点について説明しています。</p>
<h2 id="Weak_ciphers_disabled_by_default" name="Weak_ciphers_disabled_by_default">Weak ciphers disabled by default</h2>
<p><a href="/en/Firefox_2_for_developers" title="en/Firefox_2_for_developers">Firefox 2</a> disables SSLv2 and the weak "export" cipher suites (those with key lengths less than 64 bits) by default, in favor of SSLv3. This provides improved security.</p>
<p>The preferred encryption methods are <code>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</code> and <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code>. Some servers refer to these as <code>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</code> and <code>SSL_RSA_WITH_3DES_EDE_CBC_SHA</code>.</p>
<p>If SSLv2 support must be enabled, it can be by setting the appropriate <code>security.ssl2.*</code> user preferences to <code>true</code>.</p>
<h2 id="New_features" name="New_features">New features</h2>
<ul>
<li>Firefox 2 supports <a class="external" href="http://en.wikipedia.org/wiki/Elliptic_curve_cryptography">Elliptic Curve Cryptography</a> in TLS. Support is presently limited to curves of 256, 384, and 521 (yes, 521) bits.</li>
<li>Firefox 2 supports the TLS server name indication extension to facilitate secure connections to servers hosting multiple virtual servers on a single underlying network address, as per <a class="external" href="http://tools.ietf.org/html/rfc3546" title="http://tools.ietf.org/html/rfc3546">RFC 3546</a>.</li>
<li>When Firefox 2 makes an <a class="external" href="http://en.wikipedia.org/wiki/Ocsp">OCSP</a> request to validate a web server's certificate, it now uses the proxy that has been configured for normal HTTP traffic.</li>
</ul>
<h2 id="Determining_what_ciphers_are_available" name="Determining_what_ciphers_are_available">Determining what ciphers are available</h2>
<p>As always, you can find out what ciphers are supported -- and which are enabled or disabled -- by going to about:config and searching on "ssl" or "tls".</p>
<h2 id="Security_improved_for_the_jar_protocol">Security improved for the jar: protocol</h2>
<p>In order to correct a potential security problem when using the <code>jar:</code> protocol, it's now necessary to serve JAR files with the MIME type <code>application/java-archive</code>. See <a href="/en/Security_and_the_jar_protocol" title="en/Security and the jar protocol">Security and the jar protocol</a> for further details.</p>
|
