HackDig : Dig high-quality web security articles for hacker

Firefox 37 arrives with Opportunistic Encryption support

2015-04-07 02:50
Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems.

The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features.

The biggest security feature added to Firefox 37 among others is the "Opportunistic Encryption" (OE) for servers and websites that support "HTTP/2 AltSvc."

Opportunistic Encryption (OE) allows Firefox browser to encrypt the traffic over plaintext HTTP connection without any need to authenticate it. This will help you to create, not complete, but some confidentiality from attackers to eavesdrop on your connection.

So Opportunistic encryption can be implemented with very minimal changes to an existing IPsec implementation.

The move by Mozilla is really a bonus for HTTP users with no encryption measure at all, but still it is not as good as authenticated encryption (HTTPS).

So, if you are running HTTPS, there is no need to switch to opportunistic encryption. Because unlike HTTPS, OE does not protect you against active "man-in-the-middle" (MITM) attacks. It only protects you against passive eavesdropping, which is a major benefit to most online users.

In a blog post published Friday, Mozilla developer Patrick McManus offered some technical details behind the reason to support HTTP 2 in Firefox.

McManus provides two easy steps to configure a server for OE:
  • Install a TLS based h2 or SPDY server on a separate port. 443 is an excellent choice. You can also use a self-signed certificate if you like because OE is not authenticated.
  • Add a response header Alt-Svc: h2=":443" or spdy/3.1, if you are using SPDY enabled server like Nginx.
In addition to Opportunistic Encryption, Firefox Version 37 also introduces the Heartbeat user rating system, which will gather feedback from users of its browser. The response from its users will be of great help to Firefox developers to feed the needs of its users into future Firefox releases.

Source: lmth.noitpyrcne-citsinutroppo-xoferif/gnC0BC4apFo/3~/sweNsrekcaHehT/r~/moc.elgoog.yxorpdeef

“Firefox 37 arrives with Opportunistic Encryption support”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud