1
0

1264: update ciphers, fixes #1196 (#1197)

This commit is contained in:
Thorin-Oakenpants 2021-06-23 16:22:10 +00:00 committed by GitHub
parent b93a5e334c
commit a6d20eaf5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -740,8 +740,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
// user_pref("dom.securecontext.whitelist_onions", true);
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro]
* These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1])
* Additionally some have other weaknesses like key sizes of 128 (or lower) [2] and/or no Perfect Forward Secrecy [3].
* These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC,
* and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128
* [1] https://browserleaks.com/ssl
* [2] https://en.wikipedia.org/wiki/Key_size
* [3] https://en.wikipedia.org/wiki/Forward_secrecy
@ -756,6 +756,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS