- Call up the configuration page by typing about:config in the address bar.
- Firefox may pop up a warning along the lines of "here ends your warranty". If it does that, confirm that you'll be careful.
- On top of the page, above many config settings, there's now a search bar. Enter RC4
- As search result you see the various cipher combinations that use this encryption standard (6 lines here). Double-click on each of these 6 lines (e.g. security.ssl3.rsa_rc4_128_md5) to toggle them from "true" to "false".
- That's it, you're done.
Wednesday, November 13, 2013
This has probably been blogged, reblogged, and reblogged again. Anyway... The RC4 cipher is considered broken, however many https websites still use it as default and Firefox even displays these connections as "high grade encryption". What can you do? Disable RC4 in the Firefox configuration!