From 1ff14e31c09f2326ec40bdb0afacc10ff26d88f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 May 2019 00:47:14 +0000 Subject: [PATCH] 1201: TLS max -> inactive Lets be consistent, we don't make min active as it alters your FP, and the risk is super low (updated the telemetry stat: down from 2% to 0.5%). Default max is now 4 anyway (don't care about ESR - they should be using the v60 archive). --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9184d47..1b77c9a 100644 --- a/user.js +++ b/user.js @@ -698,12 +698,13 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 - * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 + * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. + * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ // user_pref("security.tls.version.min", 3); -user_pref("security.tls.version.max", 4); + // user_pref("security.tls.version.max", 4); /* 1203: disable SSL session tracking [FF36+] * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the