A user is trying to access a poorly maintained website using a modern OS (Windows 10) and web browser (Firefox 100.0). They want to download something from there, but they are seeing a security warning indicating that the host is using a deprecated TLS protocol version and/or has an issue with its certificate. The user been in touch with the person who owns the domain and downloadable content, and this person is being slow to get it fixed.
Questions:
- Can the user (re-)enable old TLS protocol versions for this site in Firefox (
security.tls.version.enable-deprecated = FALSE
), and safely browse & download content as long as they avoid entering data such as credit card numbers, passwords, etc.? - Or does simply browsing a site using old TLS versions itself carry inherent risks?
- If the latter, is there a way for them to reasonably mitigate these risks? (By reasonable, I mean without configuring network/firewall settings, using a container, etc.)
They are considering firing up an old Windows XP computer running an also-old Internet Explorer, which I'm open to letting them do, as long as they don't share their data on the network and take the device offline as soon as they are done. LMK if you can think of any reasons why this would be a bad idea.
I looked for answers on Firefox forums, this forum, and via a general web search, but I didn't find anything useful.