Skip to content

Disable 1024-DH Encryption by default

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

Seems it very very likely the NSA has already broken both this and 512-bit encryption so it would be better to disable.

EFF.org recommends turning these 2 values in about:config to false:

security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha