1201: SSL renegotiation -> active, closes #519

2018-10-16 11:57:32 +00:00 · 2018-10-16 11:57:32 +00:00 · 9e073ea5d5
commit 9e073ea5d5
parent 732c438148
1 changed files with 5 additions and 4 deletions
--- a/user.js
+++ b/user.js
@ -710,10 +710,11 @@ user_pref("alerts.showFavicons", false); // default: false
 ***/
 user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
 /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
-/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack
- * [WARNING] Tested Feb 2017 - still breaks too many sites
- * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
-   // user_pref("security.ssl.require_safe_negotiation", true);
+/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
+ * [WARNING] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2]
+ * [1] https://wiki.mozilla.org/Security:Renegotiation
+ * [2] https://www.ssllabs.com/ssl-pulse/ ***/
+user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
 * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc
 * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1