| ... |
... |
@@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true); |
|
121
|
121
|
// [4] https://www.ssllabs.com/ssl-pulse/
|
|
122
|
122
|
pref("security.ssl.require_safe_negotiation", true);
|
|
123
|
123
|
|
|
124
|
|
-// Bug 40183: Disable TLS ciphersuites using SHA-1
|
|
125
|
|
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183
|
|
|
124
|
+// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA)
|
|
|
125
|
+// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
|
|
|
126
|
+pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
|
|
|
127
|
+pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
|
|
|
128
|
+// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
|
|
126
|
129
|
pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked);
|
|
127
|
130
|
pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked);
|
|
128
|
|
-pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);
|
|
129
|
|
-pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);
|
|
130
|
|
-pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked);
|
|
131
|
|
-pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked);
|
|
132
|
|
-pref("security.ssl3.rsa_aes_128_sha", false, locked);
|
|
133
|
|
-pref("security.ssl3.rsa_aes_256_sha", false, locked);
|
|
134
|
131
|
|
|
135
|
132
|
// Wrapping a static pref to lock it and prevent changing.
|
|
136
|
133
|
// See tor-browser#40565.
|