michel_ouba/FF_arkenfox_user.js
michel_ouba/FF_arkenfox_user.js
1
0
Fork 0
Code Releases Activity

1201 + 1270 update (#859)

Browse Source 
trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false
This commit is contained in:
earthlng 2019-12-07 18:26:39 +00:00 committed by Thorin-Oakenpants
parent 97043b0ce1
commit 4074a37e1d
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
user.js
View File

@ -640,8 +640,15 @@ user_pref("browser.shell.shortcutFavicons", false);
***/ ***/
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack) /* 1201: require safe negotiation
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/ * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially
* vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack
* if it disables renegotiations but the problem is that the browser can't know that.
* Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server.
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://tools.ietf.org/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max /* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
@ -747,8 +754,10 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// user_pref("security.ssl3.rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false);
/** UI (User Interface) ***/ /** UI (User Interface) ***/
/* 1270: display warning (red padlock) for "broken security" (see 1201) /* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/ * Bug: warning padlock not indicated for subresources on a secure page! [2]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://bugzilla.mozilla.org/1353705 ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings /* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)