From d98565a287341f86f07eafac47ce076b51cd94f4 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 20 Jul 2017 14:19:54 +0200 Subject: Disable 3DES cipher by default + re-order a few things. Issue #4 point 4 --- netwerk/base/security-prefs.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'netwerk/base') diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 9403b3139..5b90d0642 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -17,6 +17,7 @@ pref("security.ssl.false_start.require-npn", false); pref("security.ssl.enable_npn", true); pref("security.ssl.enable_alpn", true); +// TLS 1.0-1.2 cipher suites pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); @@ -27,19 +28,20 @@ pref("security.ssl3.ecdhe_rsa_aes_128_sha", true); pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true); pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); -pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.dhe_rsa_camellia_256_sha", true); pref("security.ssl3.dhe_rsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_camellia_128_sha", true); +pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_gcm_sha384", true); pref("security.ssl3.rsa_aes_256_sha256", true); pref("security.ssl3.rsa_camellia_128_sha", true); pref("security.ssl3.rsa_camellia_256_sha", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); -pref("security.ssl3.rsa_des_ede3_sha", true); +// Weak / deprecated pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); +pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.content.signature.root_hash", "97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E"); -- cgit v1.2.3