summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2017-07-20 14:22:19 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-02-02 19:07:53 +0100
commit2bacef6f143fe5cd246a5038759bdff004d4be94 (patch)
tree4c2102b0b257d65ed9a0e4acd712b77d30a4fc65
parentd98565a287341f86f07eafac47ce076b51cd94f4 (diff)
downloadUXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar
UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.gz
UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.lz
UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.tar.xz
UXP-2bacef6f143fe5cd246a5038759bdff004d4be94.zip
Disable static DHE + AES suites by default (common combination for weak DH keys)
Issue #4 point 5
-rw-r--r--netwerk/base/security-prefs.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 5b90d0642..329a4c6b7 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -29,9 +29,7 @@ pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
pref("security.ssl3.dhe_rsa_camellia_256_sha", true);
-pref("security.ssl3.dhe_rsa_aes_256_sha", true);
pref("security.ssl3.dhe_rsa_camellia_128_sha", true);
-pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
pref("security.ssl3.rsa_aes_256_sha256", true);
pref("security.ssl3.rsa_camellia_128_sha", true);
@@ -39,6 +37,8 @@ pref("security.ssl3.rsa_camellia_256_sha", true);
pref("security.ssl3.rsa_aes_128_sha", true);
pref("security.ssl3.rsa_aes_256_sha", true);
// Weak / deprecated
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
pref("security.ssl3.rsa_aes_128_sha256", false);
pref("security.ssl3.rsa_des_ede3_sha", false);