diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2017-07-20 14:22:19 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 19:07:53 +0100 |
commit | 2bacef6f143fe5cd246a5038759bdff004d4be94 (patch) | |
tree | 4c2102b0b257d65ed9a0e4acd712b77d30a4fc65 | |
parent | d98565a287341f86f07eafac47ce076b51cd94f4 (diff) | |
download | UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.gz UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.lz UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.xz UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.zip |
Disable static DHE + AES suites by default (common combination for weak DH keys)
Issue #4 point 5
-rw-r--r-- | netwerk/base/security-prefs.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 5b90d0642..329a4c6b7 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -29,9 +29,7 @@ pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true); pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_camellia_256_sha", true); -pref("security.ssl3.dhe_rsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_camellia_128_sha", true); -pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_gcm_sha384", true); pref("security.ssl3.rsa_aes_256_sha256", true); pref("security.ssl3.rsa_camellia_128_sha", true); @@ -39,6 +37,8 @@ pref("security.ssl3.rsa_camellia_256_sha", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); // Weak / deprecated +pref("security.ssl3.dhe_rsa_aes_256_sha", false); +pref("security.ssl3.dhe_rsa_aes_128_sha", false); pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); pref("security.ssl3.rsa_des_ede3_sha", false); |