[urgent] HTTPS scanning makes connections vulnerable/unsecure


@ALL: if you use HTTPS scanning make sure to put your bank, Paypal, eBay, ... in 'Exclusions' (Advanced Interface --> Settings --> Network --> Exclusions - lowest line in that window) and/or disable HTTPS scanning before making any transaction or giving (very) personal/private info to a site.

@AG team:
Please check here or here (or at any other browser security test site) to see hat "Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites."
I sincerely hope you haven't been aware of that?!

IMHO it's irresponsible to weaken customer security by ignoring security standards and well known weaknesses.
This is also nothing that can "wait until v6", AGs HTTPS scanning produces a severe security hole!


Staff member
We should implement TLS 1.2 in future indeed, I've answered in the corresponding thread.

One notice though.

Big red words on that website do not mean that TLS is not secure.
There are no vulnerabilities in it and if you compare 1.0, 1.1 and 1.2, they are all pretty the same.


Big red words on that website do not mean that TLS is not secure.
I am with you: A yr ago such security was nice to have. But nowadays you (IMHO) should proactively protect your customers.
Issues arise any other day.
It was at least cool, sign of a competent, engaged vendor to natively support newest technology. If websites turn that down (enough do! :( ) it's bad enough, isn't it?


New Member
I am kinda confused and alarmed at the same time about this. Is it safe or not to continue using AdGuard https on any website? Including banks, paypal etc.