| ... |
... |
@@ -139,16 +139,13 @@ pref("network.http.referer.hideOnionSource", true); |
|
139
|
139
|
// [4] https://www.ssllabs.com/ssl-pulse/
|
|
140
|
140
|
pref("security.ssl.require_safe_negotiation", true);
|
|
141
|
141
|
|
|
142
|
|
-// Bug 40183: Disable TLS ciphersuites using SHA-1
|
|
143
|
|
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183
|
|
|
142
|
+// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA)
|
|
|
143
|
+// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
|
|
|
144
|
+pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
|
|
|
145
|
+pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
|
|
|
146
|
+// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
|
|
144
|
147
|
pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked);
|
|
145
|
148
|
pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked);
|
|
146
|
|
-pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);
|
|
147
|
|
-pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);
|
|
148
|
|
-pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked);
|
|
149
|
|
-pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked);
|
|
150
|
|
-pref("security.ssl3.rsa_aes_128_sha", false, locked);
|
|
151
|
|
-pref("security.ssl3.rsa_aes_256_sha", false, locked);
|
|
152
|
149
|
|
|
153
|
150
|
// Wrapping a static pref to lock it and prevent changing.
|
|
154
|
151
|
// See tor-browser#40565.
|