Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

1201 + 1270 update (#859)

Browse Source 
trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false
This commit is contained in:
earthlng
2019-12-07 18:26:39 +00:00
committed by Thorin-Oakenpants
parent 97043b0ce1
commit 4074a37e1d
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
user.js
View File

@@ -640,8 +640,15 @@ user_pref("browser.shell.shortcutFavicons", false);
***/
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack)
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/
/* 1201: require safe negotiation
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially
* vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack
* if it disables renegotiations but the problem is that the browser can't know that.
* Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server.
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://tools.ietf.org/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/
user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
@@ -747,8 +754,10 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// user_pref("security.ssl3.rsa_aes_256_sha", false);
/** UI (User Interface) ***/
/* 1270: display warning (red padlock) for "broken security" (see 1201)
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/
/* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* Bug: warning padlock not indicated for subresources on a secure page! [2]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://bugzilla.mozilla.org/1353705 ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)