From 2bacef6f143fe5cd246a5038759bdff004d4be94 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Thu, 20 Jul 2017 14:22:19 +0200
Subject: Disable static DHE + AES suites by default (common combination for
 weak DH keys)

Issue #4 point 5
---
 netwerk/base/security-prefs.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'netwerk/base')

diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 5b90d0642..329a4c6b7 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -29,9 +29,7 @@ pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
 pref("security.ssl3.dhe_rsa_camellia_256_sha", true);
-pref("security.ssl3.dhe_rsa_aes_256_sha", true);
 pref("security.ssl3.dhe_rsa_camellia_128_sha", true);
-pref("security.ssl3.dhe_rsa_aes_128_sha", true);
 pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.rsa_aes_256_sha256", true);
 pref("security.ssl3.rsa_camellia_128_sha", true);
@@ -39,6 +37,8 @@ pref("security.ssl3.rsa_camellia_256_sha", true);
 pref("security.ssl3.rsa_aes_128_sha", true);
 pref("security.ssl3.rsa_aes_256_sha", true);
 // Weak / deprecated
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
 pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
 pref("security.ssl3.rsa_aes_128_sha256", false);
 pref("security.ssl3.rsa_des_ede3_sha", false);
-- 
cgit v1.2.3