From fe1b03bd2aafd6f9193d5ef2068192c3fcc9e01b Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants
Date: Fri, 27 Mar 2020 12:36:16 +0000
Subject: [PATCH] tls downgrades -> session only
---
 user.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/user.js b/user.js
index e6a1cb7..e9c6f8a 100644
--- a/user.js
+++ b/user.js
@@ -658,7 +658,9 @@ user_pref("security.ssl.require_safe_negotiation", true);
 * [1] https://www.ssllabs.com/ssl-pulse/ ***/
 // user_pref("security.tls.version.min", 3);
 // user_pref("security.tls.version.max", 4);
-/* 1203: disable SSL session tracking [FF36+]
+/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */
+user_pref("security.tls.version.enable-deprecated", false);
+/* 1204: disable SSL session tracking [FF36+]
 * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
 * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
 * consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
@@ -667,12 +669,12 @@ user_pref("security.ssl.require_safe_negotiation", true);
 * [2] https://bugzilla.mozilla.org/967977
 * [3] https://arxiv.org/abs/1810.07304 ***/
 user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
-/* 1204: disable SSL Error Reporting
+/* 1205: disable SSL Error Reporting
 * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/
 user_pref("security.ssl.errorReporting.automatic", false);
 user_pref("security.ssl.errorReporting.enabled", false);
 user_pref("security.ssl.errorReporting.url", "");
-/* 1205: disable TLS1.3 0-RTT (round-trip time) [FF51+]
+/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
 * [1] https://github.com/tlswg/tls13-spec/issues/1001
 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
 user_pref("security.tls.enable_0rtt_data", false);
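Review bot: The new 1203 comment in the first hunk does not explain how the downgrade becomes "session only", and it closes with ` */` and carries no version tag or reference, where the neighbouring entries use `[FFnn+]`, numbered links and `***/`. As far as I can tell the pref is flipped to true when the user accepts the deprecated-TLS prompt on the error page, and this line only puts it back to false when user.js is re-applied at the next start, so the comment should say that the reset happens at startup. It would also help to note that the pref appears to be browser-wide rather than per-site, meaning TLS 1.0/1.1 stays permitted for every connection until the browser is restarted. Suggested first line: `/* 1203: reset TLS 1.0 and 1.1 downgrades at startup, i.e. session only [FFxx+]` (version placeholder to be filled in), followed by one line on the browser-wide scope ending in `***/`.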