diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-10 08:51:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-10 08:51:40 +0100 |
commit | 8beab28bfff78ccefc8677c5bdddd6f60c544600 (patch) | |
tree | bf5aada445760f3b76c1bee2640ea57d600b696c /netwerk | |
parent | 4adc4098851a84ed9436162e8114c6f834fbb64c (diff) | |
download | UXP-8beab28bfff78ccefc8677c5bdddd6f60c544600.tar UXP-8beab28bfff78ccefc8677c5bdddd6f60c544600.tar.gz UXP-8beab28bfff78ccefc8677c5bdddd6f60c544600.tar.lz UXP-8beab28bfff78ccefc8677c5bdddd6f60c544600.tar.xz UXP-8beab28bfff78ccefc8677c5bdddd6f60c544600.zip |
Expose TLS 1.3 cipher suite prefs.
Diffstat (limited to 'netwerk')
-rw-r--r-- | netwerk/base/security-prefs.js | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 7d63267a6..ea0b2236d 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -17,6 +17,11 @@ pref("security.ssl.false_start.require-npn", false); pref("security.ssl.enable_npn", true); pref("security.ssl.enable_alpn", true); +// TLS 1.3 cipher suites +pref("security.tls13.aes_128_gcm_sha256", true); +pref("security.tls13.chacha20_poly1305_sha256", true); +pref("security.tls13.aes_256_gcm_sha384", true); + // TLS 1.0-1.2 cipher suites pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); @@ -36,11 +41,14 @@ pref("security.ssl3.rsa_camellia_128_sha", true); pref("security.ssl3.rsa_camellia_256_sha", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); -// Weak / deprecated + +// Deprecated pref("security.ssl3.dhe_rsa_aes_256_sha", false); pref("security.ssl3.dhe_rsa_aes_128_sha", false); pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); + +// Weak/broken (requires fallback_hosts) pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.ssl3.rsa_rc4_128_sha", false); pref("security.ssl3.rsa_rc4_128_md5", false); |