Calomel SSL Validation Version History

33 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 0.82 193.8 KiB Works with Firefox 47.0 - 56.*

The use of String.prototype.contains have been deprecated in Firefox 48. String compares have been converted to String.prototype.indexOf and String.prototype.include and are backwards comparable with Firefox 47.

Version 0.81 193.8 KiB Works with Firefox 47.0 - 47.0

Added ChaCha20 and Poly1305 values for the drop down box. Changed the score to 3/15 points for a SHA-1 MAC.

Version 0.80 194.0 KiB Works with Firefox 47.0 - 47.0

Added support for ChaCha20/Poly1305 cipher suites introduced in NSS 3.23 for Firefox 47.

Version 0.79 188.9 KiB Works with Firefox 39.0 - 47.*

Minor regular expression change to properly identify ECDSA client certificates signed against RSA certificate authorities.

Version 0.78 188.9 KiB Works with Firefox 39.0 - 44.*

Firefox 40 changed the ECDSA certificate strings used in the site and certificate authority. The update checks for the new ECDSA strings and properly grades the strength of the signed certificates.

Version 0.77 188.8 KiB Works with Firefox 39.0 - 40.*

Firefox 39 fixes the Logjam SSL/TLS vulnerability so we are re-enabling the Diffie-Hellman key exchange, AES ciphers which were removed in the previous version of the addon. Firefox 39 will not accept Diffie-Hellman keys shorter than 1,023 bits. This version of the addon will only work on Firefox 39 and later for security purposes.

Version 0.76 188.8 KiB Works with Firefox 29.0 - 38.0

The Diffie-Hellman key exchange ciphers have been removed from all of the "cipher restriction" options to mitigate the "Logjam attack". If you need the DH ciphers you can choose "all ciphers" under the security tab.

Version 0.75.1-signed 188.8 KiB Works with Firefox 29.0 - 37.0

Some sites do not like an empty user agent string. For example, a search with an empty user agent results in an infinite redirect loop and some content delivery networks (CDNs) believe the client is "suspicious". To alleviate this problem, the "Privacy" option to "anonymize the user agent" will now send the generic string "Mozilla/5.0 (compatible)".

Version 0.74.1-signed 188.8 KiB Works with Firefox 29.0 - 39.*

Added the TLS version number to the drop down box and score on the value. On the Security tab, the option to limit connections to TLS v1.2 is offered.

Version 0.72.1-signed 191.2 KiB Works with Firefox 27.0a1 - 36.*

Added a test for Elliptic Curve Digital Signature Algorithm (ECDSA) certificates which also get a 10/10 score. now uses ECDSA certs.

Version 0.70.1-signed 191.2 KiB Works with Firefox 27.0a1 - 27.0

The score for SHA-1 certificate hashes have been reduced to 4/10 points from 10/10 points. As of April 2014 the major certificate authorities now allow reissuing certificates with SHA-256 at 2048 bits. Only certificates hashed with at least SHA-256 at 2048 bits for the CA and site can be awarded the full 20 points. You will notice some sites will now drop down a color level. Those sites who received a green shield before might get a blue shield now.

Added a check for 3DES ciphers which was missing. Sorry about that.

Removed the orange shield icon. Shield colors are now: green, blue, yellow and red.

Version 0.67.1-signed 191.1 KiB Works with Firefox 27.0a1 - 29.*

With the release of Firefox 27 the add on now recognizes Galois/Counter Mode (GCM) block ciphers. Only sites who use GCM Perfect Forward Secrecy ciphers can reach 100% score and the green icon.

Version 0.66.1-signed 191.1 KiB Works with Firefox 25.0a1 - 26.*

Added multiple tiers of restricted cipher classes. There is an "Apply Settings Now" button in the options window so all options take affect immediately. Changed the icon to a shield (24x24 pixels), from the lock symbol, to better fit in with the default Firefox scheme. Changed the scoring system.

Version 0.64.1-signed 172.7 KiB Works with Firefox 25.0a1 - 25.*

Added the ability to grade each part of the FULL cipher suite including the key exchange, signature, bulk cipher and message authentication code. We also check and grade ciphers which support Perfect Forward Secrecy (PFS).

Calomel SSL Validation v0.64 is intended for Firefox 25 and greater only !!

If you have Firefox 24 or below use Calomel SSL Validation v0.62 !

Version 0.62.1-signed 173.3 KiB Works with Firefox 3.6 - 24.0

Updated the method to query the SSL certificate status for compatibility with Firefox v24.

Version 0.61.1-signed 173.3 KiB Works with Firefox 3.6 - 23.*

Fixed a bug when the high cipher was disabled, the OCSP setting kept getting reset. Also, separated the ability to disable OCSP from the High Cipher option.

Version 0.58.1-signed 172.6 KiB Works with Firefox 3.6 - 23.*

Changed the suite of strong ciphers to FIPS 140-2 and restricted the sets to no less then AES 256 bit.

Version 0.57.1-signed 172.6 KiB Works with Firefox 3.6 - 21.0

Added the check for Elliptic Curve Cryptography (ECC) Certificates and award the highest score to ECC "Curve bit" enabled sites. Google search is now ECC subject public key signed. ECC is faster and more secure then RSA.

Version 0.56.1-signed 172.6 KiB Works with Firefox 3.6 - 19.0

Fixed a problem with the user agent option which was being reset even if "annonymize user agent" was disabled. Thanks to VW for reporting the issue.

Version 0.55.1-signed 172.5 KiB Works with Firefox 3.6 - 21.*

Quick Update: If you choose to not send referer information then we make sure to also not send the referer header when navigating from a https site to another https site. Special thanks to "rvwr".

Version 0.54.1-signed 172.5 KiB Works with Firefox 3.6 - 19.0

Added two values to the Privacy option tab. You can now choose to not share any referer information with a remote server. You can also choose to send an anonymous user agent string which is "Mozilla/5.0 (Gecko) Firefox/64" without operating system or sensitive program version numbers. There is little need to send identifying information about our computer which could be used by malicious servers as vectors for attack or for targeted fishing attempts.

Version 0.53.1-signed 172.1 KiB Works with Firefox 3.6 - 19.*

Removed extraneous internal warning message and allowed the cipher types to be displayed on broken pages. No logical code changes.

Version 0.52.1-signed 172.0 KiB Works with Firefox 3.6 - 16.*

Updated code to disable the use of OCSP checking when using SSL. The reasons behind the decision are related to performance and security issues. OCSP and CRL requests increase page load times and are susceptible to blocking by man-in-the-middle attackers or captive portals, websites commonly used by Wi-Fi access points to prevent HTTP connections before users authenticate. BTW, Chrome has also disabled OSCP.

Version 0.51.1-signed 172.0 KiB Works with Firefox 3.6 - 11.*

Added an icon to show when a connection was completely broke. It is red with a bright white "X" in the middle.

The add on has been verified to be compatible with Firefox v8.0 in the BETA tree.

Version 0.50.1-signed 170.0 KiB Works with Firefox 3.6 - 8.0

Changed the lock icon to a 24x24 pixel png to better fit in with the default icons.

Added a check to give a score of 6 out of 6 points to any SHA-1 or SHA-2 based certificate hashes which are 1024 bit or larger.

When an option is turned off it will now be reset to browser defaults instead of being manually defined to a default value. This cleans up the code and purges any extraneous configuration options.

An option which is disabled will never modify a config value. If the option was once enabled and then disabled the config value will be reset to the browser default on browser restart and never touched again.

Version 0.48.1-signed 171.0 KiB Works with Firefox 3.6 - 7.0

Verified compatibility with Firefox 7.0 (beta channel)

When an option in the add on is disabled it will no longer set the value to the Firefox default on every restart. The add on will ONLY change the user set values on restart if that option was enabled and then disabled by the user. Special thanks to Chi and Wien Sean for reporting this issue.

Version 0.47.1-signed 171.0 KiB Works with Firefox 3.6 - 7.0

Verified the addon works under Firefox 7.0 (beta channel)

Fixed a bug where DNS prefetching was not being disabled when the option was chosen. -thanks to rvwr

Added the ability to disable DNS caching. This is quite useful when you need to test hosts that change ip address frequently.

Version 0.46.1-signed 171.0 KiB Works with Firefox 3.6 - 4.0.*

Verified compatibility with Firefox 4.0.*. No code changes.

Version 0.44 171.0 KiB Works with Firefox 3.6 - 4.0b6

fixed a small error in the spell checking option. Now, when you choose the option for spell checking to be disabled it will actually be turned off. The bug was found by users on the forums.

Version 0.43 171.0 KiB Works with Firefox 3.6 - 4.0b6

Added compatibility for Firefox 4.0b6. Removed the network option for pipelining due to new Mozilla rules. Added the date / time stamp at the bottom on the drop down window.