- Go to https://telemetry.mozilla.org/
- click `measurement dashboard`
- select `SSL_HANDSHAKE_VERSION`
I looked at Nightly 75 (0.26 and 0.01) and Nightly 76 (0.2 and 0)
* simplify ciphers
- let's not encourage (remove options 1, 2) changing your cipher suite FP
- remove "it's quite technical ..." (everything is technical to someone), trim to one line
- add test link so users can just see that it's FP'able
- reinforce not to fuck with the cipher suite in the cipher's sub-section
https://wiki.mozilla.org/Security:Renegotiation describes
> **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08
where the last step is
> - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message
and then after talking about breakage ...
> The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation.
mentions workarounds to reduce said breakage:
> In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available:
specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms".
But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message".
But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe.
1201 controls the negotiation part:
> This pref controls the behaviour during the initial negotiation between client and server.
> If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
> Setting this preference to “true” is the only way to guarantee full protection against the attack.
I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols.
Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions.
Ergo let's fix the title and remove the line about renegotiation support because I think that's irrelevant.
ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202.
see `1273`
- we already make **all** windows do this (which overrides the pb mode setting), and these were inactive
- in FF70+ the icon pref (for PB mode and all windows) is now default true
- split geo related vs language/locale related
- rip out intl.locale.requested
- rip out intl.regional_prefs.use_os_locales
- add intl.charset.fallback.override
-Note that we do not support forks (i.e. IceCat, Pale Moon, WaterFox, etc).
- Make sure you searched for the `[Setup` tags in the `user.js`.
-Issues will be closed as invalid if you do not [troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including
-confirming the problem is caused by the `user.js`
- searching the `[Setup` tags in the `user.js`
- Search the GitHub repository. The information you need is most likely here already.
-Check out our [troubleshooting](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting) wiki page, including steps to see if the problem is caused by the `user.js` or an extension.
-Note: We do not support forks
See also:
- Extension breakage due to prefs [issue 391](https://github.com/ghacksuserjs/ghacks-user.js/issues/391)
@ -8,7 +8,7 @@ Everyone, experts included, should at least read the [implementation](https://gi
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
Also be aware that this `user.js` is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
Also be aware that this `user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
* The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master)
* The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement)
<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
console.log("error re-appyling value for '"+oPref.name+"' !");// should never happen
}
}
}
letmyArr=aBACKUP;
letfound=false;
letaDbg=[];
focus();
myreset(aBACKUP);// reset all detected prefs
if(confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")){
if(confirm("if the problem still exists click OK, otherwise click cancel.")){
myArr=myArr.slice(parseInt(myArr.length/2));
if(myArr.length==1){
alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+aDbg.length.toString()+" prefs, check the console ...");
break;
}
aTmp=aTmp.slice(_h(aTmp));
}else{
myArr=myArr.slice(0,parseInt(myArr.length/2));
aDbg=myArr;
if(myArr.length==1){found=true;break;}
aTmp=aTmp.slice(0,_h(aTmp));
aDbg=aTmp;// update narrowed down list
if(aDbg.length==1)break;
}
reapply(aBACKUP);
myreset(myArr.slice(0,parseInt(myArr.length/2)));// reset half of the remaining prefs
reapply(aALL);
myreset(aTmp.slice(0,_h(aTmp)));// reset half of the remaining prefs
}
reapply(aBACKUP);
reapply(aALL);
if(aDbg.length==1)returnalert("narrowed it down to:\n\n"+aDbg[0].name+"\n");
if(aDbg.length==aALL.length){
letmsg="Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n";
msg+="Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n";
msg+="In case it's the latter, the script can add a dummy pref and you can try again - Try again?";
if(confirm(msg))return_main([...aALL,oFILLER]);
}elseif(aDbg.length>10&&confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")){
return_main(aDbg.reverse());
}
alert("Narrowed it down to "+aDbg.length.toString()+" prefs, check the console ...");
console.log("The problem is caused by 2 or more of these prefs:");
for(constoPrefofaDbg)console.log(oPref.name);
}
else{
reapply(aBACKUP);
resetAllMatchingDefault(aPREFS);// reset user-set prefs matching FFs default value
constaBAK=getMyList(aPREFS);
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
focus();
myreset(aBAK);
if(!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")){
reapply(aBAK);
return;
}
if(found){
alert("narrowed it down to:\n\n"+myArr[0].name+"\n");
myreset(myArr);// reset the culprit
}
else{
console.log("the problem is caused by a combination of the following prefs:");
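Review bot: the `console.log` string on the first line of this hunk misspells "re-applying" as "re-appyling". This is the message for the "should never happen" failure path, so anyone searching the console output or the source for "re-applying" will miss it. Correct the spelling in the string.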