MobileRead Forums - View Single Post

dhdurgee · 08-11-2015, 11:53 AM

I have been following a thread on updating the firmware on older model kindles to 3.4.2 to improve security. As my K3 is already at that level I decided to check security with the howsmyssl.com web site mentioned there.

I was somewhat surprised by the output, which declared my SSL client BAD.
Further details were:

Version is improvable, as TLS 1.1 is being used instead of 1.2

Session Ticket Support is not supported and thus could be improved

The reason for the BAD call is that there are included Cipher Suites known to be insecure, specifically RC4 in three of them.

Is there anything we can do to remove the insecure cipher suites? I have not been using the K3 browser for anything critical, but it would be better to have it as secure as possible if a time came when I needed to use it due to lack of other equipment.

Dave

08-11-2015, 11:53 AM	#1
dhdurgee Guru Posts: 883 Karma: 2580688 Join Date: Jun 2010 Device: K3W, PW4	Kindle browser security issues I have been following a thread on updating the firmware on older model kindles to 3.4.2 to improve security. As my K3 is already at that level I decided to check security with the howsmyssl.com web site mentioned there. I was somewhat surprised by the output, which declared my SSL client BAD. Further details were: Version is improvable, as TLS 1.1 is being used instead of 1.2 Session Ticket Support is not supported and thus could be improved The reason for the BAD call is that there are included Cipher Suites known to be insecure, specifically RC4 in three of them. Is there anything we can do to remove the insecure cipher suites? I have not been using the K3 browser for anything critical, but it would be better to have it as secure as possible if a time came when I needed to use it due to lack of other equipment. Dave Last edited by dhdurgee; 08-11-2015 at 11:53 AM. Reason: fix typo