What does the "Calomel SSL Validation" Firefox extension do ?

https://calomel.org/firefox_ssl_validation.html

Home           RSS           Search

October 07, 2013

Calomel SSL Validation

a Firefox Add-on extension grading SSL strength

What does the "Calomel SSL Validation" Firefox extension do ?

The "Calomel SSL Validation" add-on grades the SSL cipher strength of the current connection. Access to a detailed summery of the SSL negotiation is supplied by a toolbar button. The button will change color depending on the grade from red (low score), to orange, to yellow, to blue and finally to green (high score). Standard HTTP unencrypted connections will turn the toolbar icon gray as will any blank tabs.

In the options section you can enable the use of only the strongest 256 bit ciphers in high security mode in addition to disabling the Online Certificate Status Protocol (OCSP). Other tabs include speed optimizations, the ability to run off page and DNS prefetching, tab previews and an option to disable annoyances like blinking text and gif animations.

To install in Firefox, go to the official Mozilla Firefox Add-on page for "Calomel SSL Validation". There you can find screen shots too!

Latest Version: 0.64 (compatible with Firefox 25 and later)

• With Firefox 25 and later the add on has the ability to grade each part of the FULL cipher suite including the key exchange, signature, bulk cipher and message authentication code. We also check and grade ciphers which support Perfect Forward Secrecy (PFS).
• Changed the suite of strong ciphers to FIPS 140-2 and restricted the sets to no less then AES 256 bit. You can verify a browser's supported cipher suite using the Qualys SSL Labs Client Test page.
• You can now further limit the strong ciphers above to those which support Perfect Forward Secrecy (PFS). PFS ciphers are those starting with (EC)DHE which stands for (Elliptic Curve) Diffie-Hellman Ephemeral. The Ephemeral part is the key to PFS.
• Separated the ability to disable Online Certificate Status Protocol (OCSP) checking from the High Cipher option above. OCSP is needed if you want to see the little green bar for EV certificates. If OCSP is disabled then Firefox is a lot faster, but an EV certificate site will look just like every other Domain Validated (DV) site. Still secure, but no little green bar.
• Added the check for Elliptic Curve Cryptography (ECC) Certificates and award the highest score to ECDSA "Curve bit" enabled sites. Google search is now supporting ECDSA subject public key signed using prime256v1 (aka secp256r1). ECDSA is faster and more secure then straight DSA.
• Two(2) new Privacy options! You can now choose to not send any referrer information to remote servers. When you click on any link the information about where you came from is sent to the next web server; the data is called the referer. You can also choose to have Firefox send a more anonymous user agent, specifically "Mozilla/5.0 (Gecko) Firefox/64" . This option is great to keep Firefox from sending your operating system or other system related details to remote web servers. Details can be found in the "Privacy" section further down this page.
• Disabled OCSP checking since OSCP has a soft fail condition and slows down the https setup considerably. According to Google Devs, "OCSP soft-fail revocation checks are like a seat-belt that snaps when you crash," he said. "Even though it works 99% of the time, it's worthless because it only works when you don't need it." A better option is OCSP Stapling which Calomel.org fully supports right now.

Explaining the URL button drop down details box

For this example we are going take a look at the details in the current toolbar button drop down box for this site. Push the "green" URL button of our add on to see the drop down panel. If you do not currently see the toolbar button right click on the top tool bar, go to "customize" and scroll down to the bottom of the icon list. There you will see the "Calomel SSL Validation" button in gray. Just drag the button on to the toolbar. We like the placement to the left of the URL bar, but the position is completely up to you. You may need to refresh the page for the icon to turn the correct color after the install.

Security: Strong (blue 86%)

This is the overall security profile of the SSL connection. The connection could be "very strong", "strong", "moderate", "weak" and "very weak" and will only be shown when the SSL connection is established and is encrypted in some way. In the parentheses is the color description of the URL icon button and the score of the page up to 100%. The color description was added for users who are color blind and may not be able to distinguish color hues. The score gives a more detailed idea of how securely Firefox connected to this site.

Certificate: Verified

This describes the response from the certificate authority server. The certificate must be able to be verified through a certificate authority (CA) or be verified by the user for a self signed certificate. If the certificate is verified the status message "Verified" is received and the pass score is given. If the user has authorized a self signed certificate as good then a pass value will also be awarded.

If there is a problem with the certificate or it can not be verified then the entire SSL connection is suspect. A suspect certificate is awarded a score of negative one hundred (-100) to guarantee a red URL icon. An example of the failed verification is a self-signed cert which has not been approved by the user or an expired or revoked certificate. The foundation of a SSL certificate is having a third party positively verify the cert or having the user authorize the cert independently of external sources. If the certificate authority reports a problem with the cert, the cert is invalid or the user can not independently verify the cert then we can not trust it.

Class: Domain Validation (DV)

Class is the type of background check the certificate authority does to the buyer of the server certificate. Calomel.org bought a standard SSL certificate from Comodo and they award us a "Domain Validation" or "DV" certificate. This means that Comodo only verified that the owner of the domain, that is us, bought the cert for calomel.org. A DV class certificate is a very simple and fully automated verification process done by the certificate authority (CA) and is good enough for 99% of web sites.

The other type of validation is "Extended Validation". An "EV" certificate is for companies as the verification process is significantly more stringent and more expensive. While a DV cert might cost as little as 20 US dollars per year and EV cert cost hundreds of dollars per year. In order for EV certificates to validate you _MUST_ make sure OCSP checks are enabled.

We do _not_ score on this value as anyone can get an EV certificate. Most small sites and companies will not bother with EV certs, but organizations likes banks and financial institutions might to make their users "feel" more secure. Understand that there is absolutely no difference in the encryption profile between a DV or EV certificate.

URL Host: calomel.org

This is the address of the fully qualified domain name (FQDN) of the server shown in the URL bar. This string should match the name of the domain you wanted to go to.

Common Name (CN): calomel.org (matched)

The "Common Name" is the primary full domain name string the SSL certificate is registered for. The "URL host" above and the "Common Name" should match for the SSL certificate to be valid. Firefox does a regular expression test and if both the URL and any host in the certificate Common Name match then the tag, "(matched)" is printed. If the "Common Name" and "URL Host" the connection will get a negative one hundred (-100) score and a red icon. Scroll to the next section for the description on how we score the connection.

The certificate must specify the specific domain name they want this cert to support. If the website owning the domain is "www.google.com" then the certificate must be registered with the "Common Name (CN)" of "www.google.com" or at least the glob "*.google.com". If the domain is mismatched then validation instantly fails.

NOTE: If you manually add a "Security Exception" for a URL which points to an https domain name then that URL will match the https domain name. For example, if you go to one of the ip addresses of encrypted.google.com, namely https://74.125.225.32/ , you will see the ip does NOT match the common name in the certificate of encrypted.google.com. This error is expected and Firefox as well as our addon show a warning. If you then add a "Security Exception" to the https://74.125.225.32/ URL, Firefox internally symlinks https://74.125.225.32/ to encrypted.google.com because _YOU_ manually allowed the exception. Now, both https://74.125.225.32/ and encrypted.google.com are now equal according to Firefox and are now "matched" Common Names. This is not a bug, but a feature for advanced users. Please be careful when adding SSL certificate exceptions as they can cause confusion and are not that easy to remove.

Perfect Forward Secrecy [PFS]: YES (20/20)

Perfect Forward Secrecy (PFS) allows the cipher to use a new random master key for every connection between the server and every client. PFS is more secure. Non-PFS ciphers use the server's private key for encryption. If the server's private key is ever compromised then all past communication from the server to all clients can be decrypted. With Perfect Forward Secrecy every connection uses a unique negotiated key exchange so even if the server's private key is compromised, no past communication can be decrypted. Our goal is for every server to exclusively use PFS ciphers all the time, for every client. For example, calomel.org is a PFS only site.

Ciphersuite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

The cipher suite is the full cipher string directly from Firefox. We included it so you could see the raw cipher string. This line is then broken out into component pieces and graded individually in the following lines.

Key Exchange: ECDHE [PFS] (25/25)

A cipher key exchange is the method the server and client use the exchange symmetric keys between each other. The use of the Elliptic curve Diffie Hellman Ephemeral (ECDHE) key exchange means this connection has Perfect Forward Secrecy (PFS) due to the "E" or Ephemeral portion. You may also see DHE, ECDH, DH or RSA.

Signature: RSA (10/13)

The signature is the method the certificate authority chooses to sign our public key certificate with. Most certificate authorities (CA) today use the standard RSA method. Google runs their own CA so they use the significantly stronger Elliptic Curve Digital Signature Algorithm (ECDSA) method. The certificate signature type and bit length is rated below in the "Issued to" and "Issued by" section.

Bulk Cipher: AES 256 bit (15/15)

The bulk cipher and bit length is the symmetric cipher used to transfer data once the connection is established and keys are exchanged. AES 256 bit is the strongest so far and will get the highest score. Other ciphers you may see are RC4 128 bit, Triple DES, AES 128, IDEA, DES, or Camellia.

MAC: SHA-1 (10/15)

The MAC or message authentication code is used to authenticate a message to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin. SHA-1 is the most common MAC, but SHA-256 and SHA-384 are becoming more common with the adoption of TLSv1.2.

Issued To: (currently blank)

This field is blank for us. Normally, you will see the name of the company, individual or organization which purchased the SSL certificate. This value is not used in the scoring of the site as it can contain any string or even be left blank. This field could contain the URL host, company name, individuals name or any variation.

: (currently blank)

This is supposed to say the location we added to our certificate. The problem is calomel.org currently uses an inexpensive cert from Comodo and they do not honor the location information from our CSR. In fact, Comodo striped out the location information for some reason. For other sites you will see the location information that site registered their certificate for. For example, Google's location information is "Mountain View California US".

: SHA-1 With RSA @ 2048 bit (3/6)

This is our hash the certificate signing request (CSR) was signed with before it was sent to the certificate authority. The size of the key is 2,048 bits. A SHA-1 hash of 2048 bits or more is considered adequate as only Elliptic Curve Cryptography (ECC) Certificates are considered STRONG. The string "Curve" instead of a numerical bit value stands for Elliptic Curve Digital Signature Algorithm, or ECDSA. We score on a 2048 bit signature at 3 out of 6 points awarded.

Issued By: Comodo CA Limited

The name of the certificate authority who provides the certificate to the buyer; in this case the seller is Comodo, This is also the company who houses the SSL validation servers used by Firefox to verify that calomel.org is a valid hostname to use this certificate for. This value is not use in the scoring of the site.

: Salford Greater Manchester GB

The location of the certificate authority's corporate offices. In this case the location of Comodo's corporate identity is Salford Greater Manchester , Great Britain.

: SHA-1 With RSA @ 2048 bit (3/6)

This is a hash the certificate from the certificate authority was signed with. The size of the key is 2,048 bits. A SHA-1 hash of 2048 bits or more is considered moderate as well. We score on this value as seen by the 3/6 value.

Valid from: 12/22/2011 19:00:00

This is when the SSL certificate account was first activated and allowed to be verified by browsers like Firefox. This value is not used in the scoring of the site, but if the "Valid from" date is in the future the certificate is invalid and a red button is awarded. Certs can not be used before or after their "valid" dates. Note that re-issued certificates can have the same "from" and "until" dates. It is up to the CA on what dates to implement.

Valid until: 12/22/2014 18:59.59

This is the expiration date of the certificate by the certificate authority. This certificate can not be verified past this date. The site owner will have to buy a new cert after this date has passed if they wish to continue using SSL. This value is not used in the scoring of the site, but if the "Valid until" date is in the past the certificate is invalid and a red button is awarded.

How is the score of the SSL connection determined ? (URL button color)

The add-on will score the SSL connection and change the color of the icon in the URL bar. In the drop down box the details show the percentage score on the first line. The color of the URL button is currently red (none or weakest security) to orange, to yellow, to blue and finally green (strongest security).

The score of a site is currently made by:

Perfect Forward Secrecy [PFS] = 20%

Perfect Forward Secrecy (PFS) is a property of the key-agreement protocol that ensures a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. PFS is a very good way to make sure past communication is not decrypted with the lose or compromise of the server key.

Key Exchange = 25%

Key exchange (also known as "key establishment") is any method in cryptography by which cryptographic keys are exchanged between server and client, allowing use of a cryptographic algorithm. A strong key exchange method is critical to the setup of the encrypted communication.

Signature = 13%

The signature is the method the certificate authority signed the server's public ssl certificate. Most CA's use RSA except Google, which uses the stronger ECDSA.

Bulk Cipher = 15%

A symmetric bulk cipher is the algorithm used to encrypt the data sent over SSL. You want to negotiate with the remote server to use the strongest ciphers available to both systems. In our case we are looking for the Advanced Encryption Standard (AES) at 256 bits or even Camellia at 256 bits for the highest score. If the SSL connection is negotiated at AES 128 bit, Camellia at 128 bit or even Triple DES at 168 bits then a lower score is awarded. If the weak RC4 cipher is used the connection is awarded the lowest value. A very weak cipher would be an export controlled 40bit MD5 cipher for example.

The key length is in bits. The larger the key the higher the score. Keep in mind that the type of symmetric bulk cipher used is significantly more important than the size of the key. A 256 bit key will get the highest grade.

Message Authentication Code (MAC) = 15%

The message authentication code (MAC) is a short piece of information used to authenticate a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and especially intentional message changes, while authenticity assurances affirm the message's origin. SHA-1 is the most common MAC, but SHA-256 and SHA-384 are becoming more common with the introduction of TLSv1.2.

Certificate Hash Type and Key Length = 12%

If the certificate uses SHA (SHA-1 through SHA-512) it is considered "STRONG". If MD5 is used the cert is rated as "WEAK". A bit type of "Curve bit" stands for Elliptic Curve Cryptography (ECC) Certificates which are significantly stronger then RSA certs and thus awarded the "STRONG" value. A RSA length in bits of 2048 and above is considered "MODERATE" and anything less is weak. In order for the certificate to be rated as "STRONG" both the hash and the key length have to be rated strong. If either one fails the entire hash rating is "WEAK".

At the RSA Conference 2005, the National Security Agency (NSA) announced Suite B which exclusively uses ECC for digital signature generation and key exchange. The suite is intended to protect both classified and unclassified national security systems and information. The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. For more information on ECC take a look at Wikipedia's Elliptic curve cryptography page.

RSA is a public-key cryptosystem for both encryption and authentication; it was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman [RSA78]. Details on the algorithm can be found in various places. RSA is combined with the SHA1 hashing function to sign a message in this signature suite. It must be infeasible for anyone to either find a message that hashes to a given value or to find two messages that hash to the same value. If either were feasible, an intruder could attach a false message onto a site's signature. The hash functions SHA1 has been designed specifically to have the property that finding a match is infeasible, and is therefore considered suitable for use in this role. MD5 is considered too weak to be used for SSL certificate security.

In cryptography, SHA-1 is a cryptographic hash function designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function.

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used weak cryptographic hash function with a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant;[2] as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property.

Explaining the "Preferences" menu

There is nothing secret or mystical about a Firefox Add-on, this one is no different. We will try to explain in detail all of the methods we use and tell you exactly which "about:config" values we trigger. This way you can make an informed decision whether to use an option or not.

Helpful Hint: To get to the preferences menu, middle mouse click on the addon's colored button. The add-on preferences are also available at the bottom of the "Tools" menu under "Calomel SSL Validation". The longest route to the add on's options is to navigate through Tools, Add-ons, Extentions and the Preferences.

Security Tab

Restrict FIPS 140-2, 256 bit ciphers

This option enables only the highest strength 256bit SSL ciphers which includes perfect forward secrecy (PFS) as well as the non-PFS cipher AES-256 for broader compatibility. This option also disabled SSLv2 and SSLv3 and only allows TLSv1, TLSv1.1 and TLSv1.2.

You can find the "toggle high ciphers" menu option under the "Tools" menu. This will instantly turn on or off the high strength ciphers. The toggle can be used for testing or to temporarily try a site's preferred security method. If you come across a page that can not use strong ciphers you can turn them off and reload the page using Firefox's default ciphers. When you are done you can then turn the high strength ciphers back on. Also, the toggle only temporary turns on or off the ciphers. When Firefox is restarted the option you preferred in the add-ons preferences will be restored.

These are the current ciphers and configuration this option will trigger:

• security.enable_tls true (default false)
• ECDHE-RSA-AES256-SHA (security.ssl3.ecdhe_rsa_aes_256_sha)
• ECHDE-ECDSA-AES256-SHA (security.ssl3.ecdhe_ecdsa_aes_256_sha)
• ECDH-RSA-AES256-SHA (security.ssl3.ecdh_rsa_aes_256_sha)
• ECDH-ECDSA-AES256-SHA (security.ssl3.ecdh_ecdsa_aes_256_sha)
• DHE-RSA-AES256-SHA (security.ssl3.dhe_rsa_aes_256_sha)
• AES256-SHA (security.ssl3.rsa_aes_256_sha)

You can verify a browser's supported cipher suite using the Qualys SSL Labs Client Test page. If you go to any site and Firefox shows the error, "Error code: ssl_error_no_cypher_overlap" then the site you went to does not support any of the high level 256 bit ciphers listed above.

WARNING: When you enable high strength 256bit ciphers then Firefox's automatic add-on updates will break. The reason is the Mozilla add on site only accepts the very weak RC4 cipher.

In order to periodically update your add ons it is recommended to go into the "Tools" menu under "Calomel SSL Validation" and "toggle high ciphers" off. Then go into the "Add-ons" page under "Tools" and "Check for Updates" manually using the little lightswitch icon. You can then restart Firefox after updating any addon and this will turn your high strength ciphers back on. We understand this is not an ideal solution, but Mozilla is not using secure ciphers and high strength ciphers are exactly what the "Restrict FIPS 140-2, 256 bit ciphers" turns on.

In order to communicate securely, a TLS client and TLS server must agree on the cryptographic algorithms and keys that they will both use on the secured connection. They must agree on these items:

• Key Establishment Algorithm (such as RSA, DH, DHE, ECDH or ECDHE)
• Peer Authentication Algorithm (such as RSA, DSA, ECDSA)
• Bulk Data Encryption Algorithm (such as RC4, DES, AES, or CAMELLIA) and key size from 40 to 256 bits
• Digest Algorithm for Message Authentication Checking (SHA1, SHA256, SHA384, SHA521)

There are numerous available choices for each of those categories, and the number of possible combinations of all those choices is large. TLS does not allow all possible combinations of choices from those categories to be used. Instead TLS allows only certain well-defined combinations of those choices, known as Cipher Suites, defined in the IETF RFC standards. We have selected the highest strength ciphers for this option.

How does the client and server pick the cipher to use ?

First, it is important to know the client and server need to support the same cipher to be able to properly negotiate a connection. The above ciphers are those that are available for our client on "high strength" mode. The server has another list of ciphers it was built with.

A TLS client and server negotiate a stateful connection by using a handshaking procedure. The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, presenting a list of supported CipherSuites (ciphers and hash functions like the ones listed above). From this list, THE SERVER CHOOSES the cipher and hash function that it also supports and notifies the client of what the connection will use.

Note that some servers have been configured to use less secure ciphers over the more secure variant to save on CPU processing time. Google (https) is like this. They prefer using the weak RC4-128 cipher. Using the "high strength" option above will force Google to use greater strength encryption like AES-256.

Why do some sites not work when FIPS-140 mode is enabled ?

This is because the admin or owner of those sites prefer to use _only_ weak ciphers and do not offer the stronger ones. They probably only accept the RC4 because of the BEAST attack or even export controlled ciphers. We chose AES over RC4 as patches for the BEAST attack (1/n-1 and not 0/n) have been available for almost a year now. Some sites do not allow our client to negotiate with the strong encryption we request.

If you need to connect with a site which does not offer AES-256 ciphers then toggle the "high strength" mode option under the "Tools" menu. Just refresh the page (Shift and the refresh button) and the site should come up using the server's preferred weak ciphers. Once you are done visiting the site just toggle the "FIPS-140" mode back on.

When you disable this option all of the ciphers return to their default values.

-- and only Perfect Forward Secrecy (PFS) ciphers

Perfect Forward Secrecy (PFS) ciphers are those which use the ECDHE or DHE handshake scheme. PFS ciphers are those starting with (EC)DHE which stands for (Elliptic Curve) Diffie-Hellman Ephemeral. The use of PFS compatible ciphers ensures that a session key derived from a set of long-term public and private keys can not be compromised _when_ one of the (long-term) private keys is compromised.

When you enable this option all we really do is limit the ciphers to AES-256 bit and those starting with ECDHE and DHE. You will notice the cipher AES256-SHA (security.ssl3.rsa_aes_256_sha) was removed from the strong cipher list above as it is a non-PFS cipher.

NOTE: if you enable only Perfect Forward Secrecy (PFS) ciphers you will notice many sites will not load with the error, "Error code: ssl_error_no_cypher_overlap". This error means the server you connected to does not support any of the PFS ciphers or the TLS version we have listed. You many also find sites you can connect to, but they do not fully load. This is probably because the site's main HTML page is on a PFS support domain, but other objects like pictures or css files are on non-PFS domains.

These are the current PFS 256 bit ciphers we enable:

• ECHDE-ECDSA-AES256-SHA (security.ssl3.ecdhe_ecdsa_aes_256_sha)
• ECDHE-RSA-AES256-SHA (security.ssl3.ecdhe_rsa_aes_256_sha)
• DHE-RSA-AES256-SHA (security.ssl3.dhe_rsa_aes_256_sha)

When you disable this option all of the ciphers return to their default values.

disable Online Certificate Status Protocol (OCSP) checks

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of SSL certificates. OCSP responses are encoded in ASN.1 and are usually communicated over HTTP. In order for Firefox to display the "green bar" to distinguish an Extended Validation (EV) certificate, OCSP requests must be made for every single certificate in the chain whereas in many browsers, if an OCSP request is made at all, intermediate certificates are not checked. The increased time taken for the TLS handshake when using an EV certificate can be attributed to Firefox's slow serial OCSP checking behavior.

The OCSP stapling Wikipedia page states, "OCSP checking also creates a privacy concern for some users, since it requires the client to contact a third party (albeit a party trusted by the client software) to confirm certificate validity. A way to verify validity without disclosing browsing behavior would be desirable for this group of users." Speed and optimization among browsers has made it necessary to largely ignore OCSP response failures, creating a security vulnerability. OCSP stapling is a better solution to real time OCSP checks. Calomel.org, for example, supports OCSP Stapling. You can use openssl to take a look at our X.509 cert with "openssl s_client -connect calomel.org:443 -tls1 -tlsextdebug -status" and look for the area starting with "OCSP Response Data:". When Multiple OCSP Stapling is standardized then all the intermediate certificates can also be stapled by the server and sent to the user. CA Security mentions, "A switch from client-managed revocation checking to server- proxied revocation information will increase online security by permitting clients to treat missing OCSP information as a serious concern. Also, multi-stapling will immediately increase performance of websites by eliminating the time clients currently need to spend establishing the connections used to download OCSP and CRL information, which can be a significant fraction of the time spent on the handshake with the server."

OCSP and CRL requests increase page load times and are susceptible to blocking by man-in-the-middle attackers or captive portals, sites commonly use Wi-Fi access points to prevent HTTP connections before users authenticate. Google Chrome disables OCSP for this exact reason. Not using OCSP can make SSL pages load faster as the median time for a successful OCSP check is around 200ms and the mean is nearly a second. The Netcraft Certificate revocation and the performance of OCSP paper looks at the latency delay of many OCSP servers.

The following option is triggered:

• security.OCSP.require false (default true)
• security.OCSP.enabled 0 (default 1)

When you disable this option all of the ciphers return to their default values.

allow TLSv1.2 and TLSv1.1 only

Limit ssl connections to only those which support Transport Layer Security (TLS) version 1.1 and 1.2. This option is used to deny connections like SSLv2, SSLv3 and TLS1.0 and only allow TLSv1.2 and TLSv1.1. If you go to a site a receive the error, "Error code: ssl_error_no_cypher_overlap" then the site does not support the TLS version or the site does not support any of the cipher you restricted Firefox to. Many sites are old or misconfigured and we find around 50% of the https sites will fail when restricted to only TLSv1.1 or TLSv1.2. This option is good for testing though. Calomel.org prefers TLSv1.2 and stronger ciphers.

The following option is triggered:

• security.tls.version.min 2 (default 0)
• security.tls.version.max 3 (default 1)

When you disable this option all of the ciphers return to their default values.

disable short URL keyword guessing

When you type in a short name like "calomel" in the URL bar Firefox does not know where to go. So it guesses. It infers you wanted to go to www.calomel.com; but this is not where our site is located. The site you wanted to actually go to was calomel.org. Firefox should not guess where the user wants to go and this could open up privacy and security problems link typo squatting and fishing scams.

Another problem is if the user types the URL wrong. What if you typed "centralbank" instead of your actual bank, "central-bank". You may be connected to a person typo squatting your financial institution. Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.

We suggest disabling this option. The browser should not infer where the user wants to go. If we type the wrong URL into the bar then we want to see an error.

The following options are triggered:

• browser.fixup.alternate.enabled false (default true)
• keyword.enabled false (default true)

When you disable this option all of the option return to their default values.

Optimization Tab

These are a collection of "safe" speed optimizations we found to increase the responsiveness of Firefox while reducing the CPU load and bandwidth usage. Keep in mind that these options a similar to what you find in FasterFox, but we only enable configurations considered safe and non-abusive to remote servers. If you enable these options the use of FasterFox would be unnecessary.

enable dns lookups over SOCKS5 (SOCKS v5) when using a proxy

When you use a proxy server you are sending you http and http requests through the remote machine. It make sense to also send you dns requests through the proxy. If you do not, then even if your web traffic is proxied your DNS requests are not. This means the DNS admin at your location can look at what DNS requests you have made and infer where you are going.

For privacy and security this option send your DNS requests over the proxied connection

This option is especially useful if you setup a ssh tunneling proxy. You can find our detailed tutorial at Calomel.org's Proxy Firefox through a SSH tunnel.

The following option is triggered:

• network.proxy.socks_remote_dns true (default false)

When you disable this option all of the proxy options return to their default values.

wait up to 2000ms before page rendering

Firefox renders web pages incrementally. It displays the parts of the page that has been received before the entire page has been downloaded. What you see is the same web page being re-rendered every time another object, like a picture, has been received. This a CPU intensive task since the start of a web page normally doesn't have much useful information to display. A better solution is if Firefox should wait a short interval before first rendering a page.

We set the delay to 2000 milliseconds. This is the maximum amount of time Firefox will wait to start rendering the page. If all of the parts of the page are received before this time the page is displayed immediately. We will also set the notification interval of the browser rendering engine to 1 million microseconds (1 second) before the total of 5 refreshes is reached. The overall effect is pages using less CPU time and rendering the complete page more quickly.

The following option is triggered:

• nglayout.initialpaint.delay 2000 (default 250 milliseconds)
• content.notify.interval 1000000 (default 120000 milliseconds)
• content.notify.backoffcount 5 (default -1; unlimited refreshes)
• content.notify.ontimer true (default false)

Lower values will make a page initially display more quickly, but will make the page take longer to finish rendering.

When you disable this option all of the options return to their default values.

disable prefetch of unvisited links

Link prefetching is when a web page hints to the browser that certain pages are likely to be visited next. Firefox downloads them immediately so they can be displayed from cache _if_ the user requests them.

Though this sound like a great idea it adds a lot of CPU overhead and uses excessive bandwidth. You may prefer to only download pages for which you ask for, and only when you ask for them.

The following option is triggered:

• network.prefetch-next false (default true)

When you disable this option all of the options return to their default values.

enable tab preview switching (Ctrl-Tab)

Enabling this preview feature will add a new button to the right side of the Firefox tab bar. This button will display an overlay window that contains thumbnail previews of all open tabs in Firefox. A click on any tab thumbnail will make that tab the focus in the web browser. There is also a search box at the top of the window. This will automatically choose the tab that is closest to your search query.

Using Ctrl-Tab with this option enabled will change the default CTRL-Tab feature in Firefox. If you press CTRL-Tab by default in Firefox the browser will cycle through the open tabs in the web browser. The new action will show a visual tab switcher displaying thumbnail images of the current and the five most recent tabs with an option to quickly flip through them by pressing Ctrl-Tab again. The same preview contains an option at the bottom of the window to display all open tabs.

Using this option may make other add ons like "FoxTab" unnecessary.

The following options are triggered:

• browser.ctrlTab.previews true (default false)
• browser.allTabs.previews true (default false)

When you disable this option all of the options return to their default values.

enable caching only to ram (128meg); not to the hard drive

If you have a decent amount of ram (i.e. 2gig or more) in your system then you may want to think about caching _only_ to RAM. Normally, Firefox will cache most of the objects from a web page onto the hard drive. You can speed up browsing very slightly by caching those objects into ram only. Caching to RAM is also attractive if you clear cache frequently, clear all caches when Firefox closes or want to make sure nothing is put on the hard drive for privacy reasons.

By default, Firefox will look at how much RAM you have in your machine and will decide how much RAM for cache purposes it will use. Firefox automatically decides the maximum memory to use to cache decoded images and chrome objects based on this table.

browser.cache.memory.capacity="-1" autoset    Physical RAM 	 Memory Cache     32 MB           2 MB      64 MB           4 MB    128 MB           6 MB    256 MB          10 MB    512 MB          14 MB      1 GB          18 MB      2 GB          24 MB      4 GB          30 MB      8 GB and up   32 MB  

To make ram caching work we simply disable disk caching. This forces Firefox to place all web page objects that would normally be cached on disk, into ram. We also increase the amount of cache in RAM to 128 megabytes from the amount specified in the table above. If the amount of objects that need to be cached exceeds the amount of RAM cache you have, Firefox will simply gets rid of the oldest unused objects. Lastly, we disable offline disk cache.

NOTE: we do not recommend using this option is you have less than 1 gigabyte of ram in your system. The reason is we allow Firefox to use up to 128 meg to cache objects and if the system does not have a lot of RAM you may start to use swap on the hard drive. To check what Firefox is caching you can use the Calomel sub menu under the "Tools" menu.

The following options are triggered:

• browser.cache.disk.enable false (default true)
• browser.cache.disk.capacity 0 (default 250 megabytes)
• browser.cache.memory.enable true (default true ; we are making sure ram caching is enabled)
• network.http.use-cache true (default true ; we are making sure caching is enabled for http and https)
• browser.sessionhistory.cache_subframes true (default false)
• browser.cache.check_doc_frequency 3 (default 3; make sure 3 is enabled as 2 messes up caching)
• browser.cache.memory.capacity 131072 (default -1 ; auto-configure according to the table above)

When you disable this option all of the caching options return to their default values.

Privacy Tab

do not show tab titles or icons

This option will clear the title and icon normally seen in the current tab. If you are concerned with people looking over your shoulder at your browser to see what sites you have open, this is a good idea. If you take advantage of this option, the use of a add-on like "Page Title Eraser" would be unnecessary.

There is also a toggle option under the "Tools" menu. The toggle only temporary turns on or off tab titles and icons. When Firefox is restarted the option you preferred in the add-ons preferences will be restored.

disable safe browsing for privacy and speed

Firefox incorporates the "Google Safe Browsing" extension in its own "Phishing Protection" feature to detect and warn users of phishy web sites. This sounds great, but most of the time you will never see the result of this feature. In fact, unless you are normally going to the darker edges of the Internet you may have never seen this Firefox error pop up.

There are two reasons we see to disable this function. Privacy and speed. Every time you go to a site, change a URL or do anything that information is sent to Google to be checked. This is violation of privacy as Google will track everything your ip does and everywhere you go. Disabling this option is also a way to gain some much needed response times. Every time you go to a new URL Firefox send a request to Google and this takes time. Once the request has been received from Google it is cache locally, but looking up the request in the look up file also takes time.

The following option is triggered:

• browser.safebrowsing.enabled false (default true)
• browser.safebrowsing.malware.enabled false (default true)

If you are worried about shady sites it is much more secure to turn off all Java scripting than use the "safe browsing" option. Take a look at the NoScript add-on. It will keep you much safer than this option ever could; and it won't track your every click.

When you disable this option all of the options return to their default values.

disable geo location reporting to webpages

When you visit a location-aware website, Firefox will ask you if you want to share your location. If you allow geo reporting, Firefox gathers information about nearby wireless access points and your computers IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.

The following option is triggered:

• geo.enabled false (default true)

When you disable this option all of the options return to their default values.

disable dns prefetch of unvisited sites

DNS resolution is dominated by latency instead of bandwidth and the time to resolve a host is getting longer now that DNSSEC is being used. This makes DNS lookups a perfect candidate for speculative pre-fetching. The advantage is in the latency improvement; instead of waiting for a hostname lookup when you click on a link, do the lookup while you are reading the page the link is embedded in. The cost of the lookups is small compared to time saved when waiting for the hostname to be resolved after clicking on that link. By keeping DNS prefetching enabled you may gain 1% to 3% speed increase, but this gain is not likely to be noticed. This sounds like a great option! So, what is the problem?

When you go to a web page, Firefox will look at all of the links to all of the sties on that page. Then the browser will ask for the ip address for every one of those hosts. If the owner of the DNS server of the domain, the owner of the DNS server you are querying and anyone listing to the network wanted to profile your browsing habits they would only need to list out your requests by ip. Once the data is correlated they could get a good idea on not only the sites you go to, but also the pages on those sites. Remember that even if the web page you went to is SSL encrypted the DNS requests are not.

The prefetcher does the opposite of its promise. It actually slows down the browser by looking up hundreds of domains a user will not click on. A good example is news.google.com which spawns around 375 DNS lookups. All this dns overhead to save one(1) dns lookup the user actually clicks and requests. In essence, we have traded one perceived performance advantage for an increase in system load, browser speed and network bandwidth.

So, what are the implications to privacy using prefetching? The best case scenario is that this prefetching introduces some noise into any logs made by the DNS server. The worst case scenario is that this enables a finer granularity of information to be inferred from the logs. For example, if a.com/a.html is the only page that has a link to b.com, and a user requests DNS records for both a.com and b.com in a short period of time, we can infer that he visited a.html.

For more information on DNS prefetching and its impact on privacy take a look at the study called, "DNS Prefetching and Its Privacy Implications".

To try to retain some privacy and reduce system load we offer the option to disable DNS prefetching.

The following options are triggered:

• network.dns.disablePrefetch true (default false)
• network.dns.disablePrefetchFromHTTPS true (default false)

When you disable this option all of the options return to their default values.

do not send any referer information to remote servers

When you click on a link, the link sends you to the new web page. Firefox requests the new page and will send information to the new server about where you clicked the link from. This information is called the "referer". If you come from a search engine, like Google, Firefox will also send the search parameters you used. For Privacy you may not want any of this information passed to the new server. By enabling this Privacy option the referer will not be sent at all and in the remote server logs there will be only a dash "-" where the referer should be. This is true for all combinations of http(s) to any http(s) sites. To test the referer try a site like WhatsMyReferer.com. Try going to the test site with the referer enabled and disabled to see the difference. Remember to restart Firefox when changing preferences in this add on.

The following option is triggered:

• network.http.sendRefererHeader 0 (default 2)
• network.http.sendSecureXSiteReferrer false (default true)

When you disable this option all of the options return to their default values.

anonymize user agent: Mozilla/5.0 (Gecko) Firefox/64

Every time Firefox goes to a website the user agent is sent to the remote server. The user agent will include the version of Firefox and general operating system information. There is no real reason a remote web server would need these many details about our computer. For Privacy you may not want any of this data being broadcast to the world as it can be used to vector targeted attacks by malicious web servers or ad networks. By enabling this Privacy option the user agent will be anonymized to a generic string.

For example, the default user agent sent from a 64bit Ubuntu linux machine running Firefox 19 looks like "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0". With this option enabled we anonymize the UA to simply "Mozilla/5.0 (Gecko) Firefox/64". This anonymized format is happily accepted by Google and other services as valid. Note that sending no user agent at all or even a non-standard string will normally break sites which try to dynamically format their pages for certain devices. Our abbreviated user agent string seems to work fine. To test the user agent yourself try a site like WhatsMyOS.com. Try going to the test site with this option enabled and disabled to see the difference. The bottom of the WhatsMyOS test page will show your real user agent string. Remember to restart Firefox when changing preferences in the add on.

Note: some sites may not load correctly if they are checking the browser's user agent for a very specific string. Sites using the useragent for site authentication or access is a very poor security model which is why most sites disabled the User-Agent checks long ago. Turn this option off if you find sites you go to are denying access.

The following option is triggered:

• general.useragent.override "Mozilla/5.0 (Gecko) Firefox/64" (default undefined)

When you disable this option all of the options return to their default values.

Annoyances Tab

disable animated gif and ads

This option disables the browser's ability to cycle animated images. An example would be an advertisement or a little icon in someones signature or forum. If you dislike seeing obnoxious ads animating over and over this is a great solution.

Understand that this does not stop flash or movies from playing.

The following option is triggered:

• image.animation_mode none (default normal)

When you disable this value all of the options return to their default values.

disable pop-up tips under the mouse cursor

A "Tool Tip" is the little box that pops up under the mouse cursor and shows some text about the image you are hovering over. If you find tool tips useless and distracting this option can help.

The following option is triggered:

• browser.chrome.toolbar_tips false (default true)

When you disable this value all of the options return to their default values.

enable ICC color correction for all images

In digital imaging systems, color management is the controlled conversion between the color representations of various devices, such as image scanners, digital cameras, monitors, TV screens, and media. The primary goal of color management is to obtain a reasonable match across all color devices. A video which should appear the same color on a computer LCD monitor, a TV screen, and on a printed frame of video. Color management helps to achieve the same appearance on all of these devices, provided the devices are capable of delivering the needed color intensities. Most of the time this option will be too subtle to notice, but it is easy to use and only slows down the rendering of the page a few percentage points.

This option enables ICC color correction to be applied to all images on the page not just those will an ICC flag. An excellent wordpress post at Dria.org called, "Firefox 3: Color profile support" has pictures detailing what you see with and without ICC support.

If you enable this option the system default color profile will be used which should be perfectly fine for 99% users. The default rendering "intent" is perceptual. This directs Firefox to render the image to preserve detail throughout the tonal range of the image. Especially useful for general purpose display of images in typical cases like photographs and other pictures.

The use of this option may negate the need for another add-ons like "Color Management" for example.

The following option is triggered:

• gfx.color_management.mode 1 (default 2)

When you disable this value all of the options return to their default values.

enable spell check on all text boxes

Normally, Firefox will only spell check a text box if that text box is two(2) lines or greater. This option simply enables spell checking on all text boxes. This means when you type something into Google's search box, post a twitter post or anything which is entered on a single line Firefox will spell check the entry. You will see a red wavy line under the misspelled word. Just right click on the word in question and see Firefox's suggestions for the correct spelling.

The following option is triggered:

• layout.spellcheckDefault 2 (default 1)

Lastly, if you want to install dictionaries for more languages go to Mozilla's Dictionaries & Language Packs page.

When you disable this value all of the options return to their default values.

disable internal DNS cache

Firefox will internally cache up to 20 hostname to ip address pairs for 60 seconds. This is done to help speed up browsing to some sites. The main problem is if you use Firefox to test servers in a production environment and those hostname to ip address change frequently. It is a pain to have to wait till Firefox clears it's own cache or remembering to clear the cache manually every time you test a new server.

The other problem is many of the busiest sites have significantly more than 20 links to 20 different hostnames so internally caching is really not that helpful.

This option just disables Firefox's internal DNS cache completely and directs Firefox to check an external DNS server. The external DNS server could be your OS if you have that setup or it could be you local LAN DNS server.

If you setup your own DNS caching, validating and resolving server like Unbound or BIND then Firefox will use those directly. We find that querying our private Unbound DNS server is significantly faster than using the internal cache.

If you are using Firefox on Windows then Windows contains a client-side Domain Name System (DNS) cache. If you want to, you can disable this cache by searching on google for "disable windows dns cache". Once Firefox's cache is disable and Windows cache is disable then you should be querying your external LAN DNS server.

You many want to test this option yourself on your network to see if you want to use it.

This option is exactly what the Firefox add-on "DNS Cache" does and basically negates the need to manually clear the DNS cache like what the add-on "Clear Cache Button" does.

The following options are triggered:

• network.dnsCacheEntries 0 (default 20 hostname to ip address pairs)
• network.dnsCacheExpiration 0 (default 60 seconds)

When you disable this value all of the options return to their default values.

About Tab

show help page after update

This simply opens up a tab and loads this help page when the add-on is updated. When changes are made you can read about them here in detail after Firefox is restarted. You can also get to this page using the link at the bottom of the drop down box after clicking the colored URL icon button.

When you disable this value the help page will not open on upgrades.

Questions?

I have a question, comment or suggestion about the add-on.

On the Mozilla Firefox page for the add-on,"Calomel SSL Validation" there is a review box. You are welcome to write a review, grade the add-on and add any addition comments you have concerns about. This is not a bug reporting tool, but should serve this purpose fine. We would be happy to hear about any way to improve the extension.

I notice when I open a blank tab there is a saying in the drop down box.

When there is not an active connection in a tab the drop down box does not really do much. So, we put the current version of the addon in the drop down panel.

What can I do about Adobe Flash cookies which are NOT controlled by Firefox ?

If you setup Firefox in "Private Browsing" mode and delete cookies when you shut the browser down, Flash cookies will NOT be deleted. A flash cookie, or Local Shared Object, is a file a website using Adobe products stores on your computer, outside of the control of your browser settings. This is different from a regular cookie. These are associated with Adobe flash which is used by many websites. Unfortunately, they are also used to store tracking information. This data can be accessed by sites who did not originally set them as well as back up data from regular cookies stored by your browser; which should have been deleted. This is a HUGE privacy violation.

In Ubuntu and many Linux distributions, Adobe Flash settings are stored in ~/.adobe and the cookies themselves in ~/.macromedia folders. We suggest symlinking these to /dev/null so anyone trying to write to these folders does not get an error message, but nothing ever gets written to disk.

We use the following commands to link Adobe to /dev/null

1. rm -rf ~/.adobe ~/.macromedia
2. ln -s /dev/null ~/.adobe
3. ln -s /dev/null ~/.macromedia

Eventually, HTML5 should be able to replace Adobe Flash video and some other Adobe functions. We hope this day comes sooner then later when a company like Adobe does sneaky actions like these.

Finally, we prefer simple solutions, but if you do not want to setup the directories to link to /dev/null then there is a add-on that can help. Take a look at "BetterPrivacy" on the mozilla site. It has this ability to delete these types of Flash 'SuperCookies'.