IMPORTANT NOTE: Development on Moonlight TLS Control has been halted due to an upcoming change in Mozilla's add-on architecture. XUL / XPCOM extensions will soon no longer be supported, meaning that TLS certificate and cipher suite information will no longer be accessible to add-ons. Should this functionality become available in the future, development may resume.

Moonlight TLS Control (MTC) is a Firefox extension that provides a method of scanning the TLS / SSL cipher suites supported by a website. Once a site has been scanned, it can then adjust the browser's enabled cipher suites to obtain a more secure connection to that site.

Why would I use this extension?

Adherence to security standards has improved significantly in recent years. Virtually all reputable businesses are now using SSL / TLS to encrypt sensitive data in transit. Unfortunately, many of these businesses have not optimized their servers to negotiate the most secure connection possible.

MTC helps to alleviate this issue by adjusting your browser to force a stronger connection when possible.

How does it work?

The TLS protocol states that the server ultimately makes the decision about which cipher suite to use (see this Wikipedia article). Moonlight TLS Control works by restricting the cipher suites that factor into the server's decision. The server is probed by enabling one cipher suite at a time, and attempting to establish a secure channel for each one. These attempts are cataloged, aggregated, and displayed, then you are given the option to apply them. Applying the results determines the highest cipher suite level shared between the server and each connected host, then enables / disables cipher suites in the browser to maximize the security of the website.

Caveats

  • The scanning process can be time consuming. This depends heavily on server resources / settings, connected hosts, and network speed.
  • While scanning, no other activity should be performed in Firefox. Due to limitations in Firefox, the scanner must repeatedly reset any open channels to ensure a clean connection.
  • When the security level is set to Very Strong or Strong, some websites may fail to load if they do not support high security. If this happens, you can either scan the website or change to a lower security level.
 
  Contact Us | Privacy Policy | ©2007-2019 MoonlightTek, LLC. All rights reserved.