Verified Commit 70534c90 authored by ma1's avatar ma1
Browse files

fixup! Firefox preference overrides. 

MB361: Disable only cyphersuites using SH1 for signing (ECDSA).
parent 0287abcb

browser/app/profile/001-base-profile.js

+5 −8
Original line number Diff line number Diff line
@@ -139,16 +139,13 @@ pref("network.http.referer.hideOnionSource", true); 
// [4] https://www.ssllabs.com/ssl-pulse/

pref("security.ssl.require_safe_negotiation", true);



// Bug 40183: Disable TLS ciphersuites using SHA-1

// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183

// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA)

// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437

pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);

pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);

// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765

pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked);

pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked);

pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);

pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);

pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked);

pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked);

pref("security.ssl3.rsa_aes_128_sha", false, locked);

pref("security.ssl3.rsa_aes_256_sha", false, locked);



// Wrapping a static pref to lock it and prevent changing.

// See tor-browser#40565.