From 26debee73392b4d138663204b343c8ca805e6b3f Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Fri, 17 Aug 2018 06:39:04 +0200 Subject: Reinstate RC4 and mark 3DES weak. Tag #709 --- netwerk/base/security-prefs.js | 2 ++ 1 file changed, 2 insertions(+) (limited to 'netwerk/base/security-prefs.js') diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index cfbbf4a45..7d63267a6 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -42,6 +42,8 @@ pref("security.ssl3.dhe_rsa_aes_128_sha", false); pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); pref("security.ssl3.rsa_des_ede3_sha", false); +pref("security.ssl3.rsa_rc4_128_sha", false); +pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.content.signature.root_hash", "97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E"); -- cgit v1.2.3 From 8beab28bfff78ccefc8677c5bdddd6f60c544600 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sun, 10 Feb 2019 08:51:40 +0100 Subject: Expose TLS 1.3 cipher suite prefs. --- netwerk/base/security-prefs.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'netwerk/base/security-prefs.js') diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 7d63267a6..ea0b2236d 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -17,6 +17,11 @@ pref("security.ssl.false_start.require-npn", false); pref("security.ssl.enable_npn", true); pref("security.ssl.enable_alpn", true); +// TLS 1.3 cipher suites +pref("security.tls13.aes_128_gcm_sha256", true); +pref("security.tls13.chacha20_poly1305_sha256", true); +pref("security.tls13.aes_256_gcm_sha384", true); + // TLS 1.0-1.2 cipher suites pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); @@ -36,11 +41,14 @@ pref("security.ssl3.rsa_camellia_128_sha", true); pref("security.ssl3.rsa_camellia_256_sha", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); -// Weak / deprecated + +// Deprecated pref("security.ssl3.dhe_rsa_aes_256_sha", false); pref("security.ssl3.dhe_rsa_aes_128_sha", false); pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); + +// Weak/broken (requires fallback_hosts) pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.ssl3.rsa_rc4_128_sha", false); pref("security.ssl3.rsa_rc4_128_md5", false); -- cgit v1.2.3 From d791dfed61bbc963351e5965657a3b13d4e6dceb Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 14 Mar 2019 13:07:00 +0100 Subject: Remove unused SSL errorReporting prefs Resolves #1003. --- netwerk/base/security-prefs.js | 4 ---- 1 file changed, 4 deletions(-) (limited to 'netwerk/base/security-prefs.js') diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index ea0b2236d..ef78ddccb 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -117,10 +117,6 @@ pref("security.webauth.u2f", false); pref("security.webauth.u2f_enable_softtoken", false); pref("security.webauth.u2f_enable_usbtoken", false); -pref("security.ssl.errorReporting.enabled", true); -pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/"); -pref("security.ssl.errorReporting.automatic", false); - // OCSP must-staple pref("security.ssl.enable_ocsp_must_staple", true); -- cgit v1.2.3