Obtaining TFF without a TLS-compliant browser

Hyram Hakkenbekker's Avatar

Hyram Hakkenbekker

14 Jul, 2018 04:40 PM

Just encountered an odd problem after recommending TFF to someone on IRC:

How does one obtain a TLS 1.0 compliant browser if all you have are browsers that cannot do TLS 1.0 ? That stops the user from getting a copy of TFF from Sourceforge, for example./

  1. Support Staff 1 Posted by Cameron Kaiser on 14 Jul, 2018 05:46 PM

    Cameron Kaiser's Avatar

    If you visit the TenFourFox home page with a browser that is not TLS 1.2 compatible (the page can detect whether the browser is capable of TLS 1.2 using a heuristic), it will display an additional link to the TenFourFox Downloader. The Downloader will access SourceForge for you and download the most current version of the browser, after which you can update the browser using TenFourFox itself.

    The Downloader is not offered to everyone who visits because the Downloader is retrieved over unencrypted HTTP, so if the browser can connect over TLS 1.2, it will force the user to download TenFourFox directly from SourceForge instead of using the Downloader (which is more secure). However, this allows a system to bootstrap itself if all it can do is access TenFourFox's home page over TLS 1.0 or unencrypted HTTP.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac