tls downgrades -> session only
This commit is contained in:
parent
187692af66
commit
fe1b03bd2a
8
user.js
8
user.js
@ -658,7 +658,9 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
||||
* [1] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
// user_pref("security.tls.version.min", 3);
|
||||
// user_pref("security.tls.version.max", 4);
|
||||
/* 1203: disable SSL session tracking [FF36+]
|
||||
/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */
|
||||
user_pref("security.tls.version.enable-deprecated", false);
|
||||
/* 1204: disable SSL session tracking [FF36+]
|
||||
* SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
|
||||
* [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
|
||||
* consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
|
||||
@ -667,12 +669,12 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
||||
* [2] https://bugzilla.mozilla.org/967977
|
||||
* [3] https://arxiv.org/abs/1810.07304 ***/
|
||||
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
|
||||
/* 1204: disable SSL Error Reporting
|
||||
/* 1205: disable SSL Error Reporting
|
||||
* [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/
|
||||
user_pref("security.ssl.errorReporting.automatic", false);
|
||||
user_pref("security.ssl.errorReporting.enabled", false);
|
||||
user_pref("security.ssl.errorReporting.url", "");
|
||||
/* 1205: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
||||
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
||||
* [1] https://github.com/tlswg/tls13-spec/issues/1001
|
||||
* [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
|
||||
user_pref("security.tls.enable_0rtt_data", false);
|
||||
|
Loading…
Reference in New Issue
Block a user