commit 910844e490662894031a8b73a24093ddeda9e4f0 Author: Georg Koppen gk@torproject.org Date: Fri Nov 13 14:46:37 2015 +0000
fixup! TB4: Tor Browser's Firefox preference overrides.
Bug 17369: Disable RC4 fallback. --- browser/app/profile/000-tor-browser.js | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index c0fce16..1de3ed1 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -242,6 +242,9 @@ pref("network.jar.block-remote-files", false); // Enable TLS 1.1 and 1.2: // https://trac.torproject.org/projects/tor/ticket/11253 pref("security.tls.version.max", 3); +// Disable RC4 fallback. This will go live in Firefox 44, Chrome and IE/Edge: +// https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ +pref("security.tls.unrestricted_rc4_fallback", false);
// Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2);