[tor-commits] [tor-browser/tor-browser-38.4.0esr-5.5-1] fixup! TB4: Tor Browser's Firefox preference overrides.

[gk at torproject.org]

commit 910844e490662894031a8b73a24093ddeda9e4f0
Author: Georg Koppen <gk at torproject.org>
Date:   Fri Nov 13 14:46:37 2015 +0000

    fixup! TB4: Tor Browser's Firefox preference overrides.
    
    Bug 17369: Disable RC4 fallback.
---
 browser/app/profile/000-tor-browser.js |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index c0fce16..1de3ed1 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -242,6 +242,9 @@ pref("network.jar.block-remote-files", false);
 // Enable TLS 1.1 and 1.2:
 // https://trac.torproject.org/projects/tor/ticket/11253
 pref("security.tls.version.max", 3);
+// Disable RC4 fallback. This will go live in Firefox 44, Chrome and IE/Edge:
+// https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/
+pref("security.tls.unrestricted_rc4_fallback", false);
 
 // Enforce certificate pinning, see: https://bugs.torproject.org/16206
 pref("security.cert_pinning.enforcement_level", 2);