ma1 pushed to branch tor-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

1 changed file:

Changes:

  • browser/app/profile/001-base-profile.js
    ... ... @@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true);
    121 121
     // [4] https://www.ssllabs.com/ssl-pulse/
    
    122 122
     pref("security.ssl.require_safe_negotiation", true);
    
    123 123
     
    
    124
    -// Bug 40183: Disable TLS ciphersuites using SHA-1
    
    125
    -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183
    
    124
    +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA)
    
    125
    +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
    
    126
    +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
    
    127
    +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
    
    128
    +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
    
    126 129
     pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked);
    
    127 130
     pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked);
    
    128
    -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);
    
    129
    -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);
    
    130
    -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked);
    
    131
    -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked);
    
    132
    -pref("security.ssl3.rsa_aes_128_sha", false, locked);
    
    133
    -pref("security.ssl3.rsa_aes_256_sha", false, locked);
    
    134 131
     
    
    135 132
     // Wrapping a static pref to lock it and prevent changing.
    
    136 133
     // See tor-browser#40565.