Opera 12 security issue


  • Vivaldi Translator

    It seems that when Opera checks for updates, it switches off SSL3 (a good thing), but also switches off TLS1.1 and 1.2. :huh: I advise users check their security settings, and re-enable the newer protocols, and disable Operas auto update option. This means you will not receive updates for your plugins, so you must regularly update manually then re-enable the TLS options. [attachment=294]TLS.jpg[/attachment] Attachments: [img]https://forum.vivaldi.net/uploads/attachments/7680/TLS.jpg[/img]



  • I think they switched those of for a reason. When they got enabled it crashed like mad here.. Hoping they will fix that



  • Thanks Doc.
    Never noticed this behaviour. Good to know so one can check periodically.


  • Vivaldi Translator

    Well that sounds reasonable, although I haven't noticed any extra crashy-ness with them on, so perhaps we should get a little more feedback.
    I guess maybe a few screen-shots of the SSL info in the address bar showing a connection to 1.1 and 1.2 enabled sites.



  • I also never saw a crash related having TLS 1.1 & TLS 1.2 enabled

    Here is the related post http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/



  • Likewise, I've never noticed Opera crashing with TLS 1.1 and 1.0 enabled along with 1.2 in v12.14. Perhaps any crashing has to do with how certain sites negotiate with Presto Opera over the highest jointly-acceptable protocol to use for a https session, and perhaps I never visit such sites? In any case, to keep Opera from continually auto-disabling TLS 1.1 and 1.0 (even with updating "turned off"), I found that I needed to totally disable Opera's updater file… and I've been running that way for some weeks now.



  • Don't know the exact details of the crash, just know they got many crashlogs. So it was not just us getting it :-)



  • The only working solution is to block access to address "autoupdate.opera.com" in your firewall (or add it to the Hosts file if you don't have a FW). I don't know why Opera team is still disabling TLS 1.1 and 1.2 remotely on all clients, if it is more secure than TLS 1.0. Some web sites require the later TLS versions and don't work with 1.0.



  • @redfox:

    The only working solution is to block access to address "autoupdate.opera.com" in your firewall

    I went into .opera and edited the prefs file. After that I haven't seen them disabled.



  • @redfox:

    The only working solution is to block access to address "autoupdate.opera.com"

    I think that going to opera:config and disabling the auto updates there, should be more than enough.



  • The issue disappeared.
    I have not modified nor blocked anything.
    Now when i check for updates Opera no longer disables TLS 1.1 and 1.2
    They have probably solved remotely.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.