1201: SSL renegotiation -> active, closes #519 - user.js - Unnamed repository; edit this file 'description' to name the repository.

commit 9e073ea5d5c2b928cd31698eeb227a1b2f362611
parent 732c438148511b3b32e7f1ce40486db3f2a3431d
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date:   Tue, 16 Oct 2018 11:57:32 +0000

1201: SSL renegotiation -> active, closes #519
Diffstat:
M user.js  | 9 +++++----

1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/user.js b/user.js
@@ -710,10 +710,11 @@ user_pref("alerts.showFavicons", false); // default: false
 ***/
 user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
 /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
-/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack
- * [WARNING] Tested Feb 2017 - still breaks too many sites
- * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
-   // user_pref("security.ssl.require_safe_negotiation", true);
+/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
+ * [WARNING] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2]
+ * [1] https://wiki.mozilla.org/Security:Renegotiation
+ * [2] https://www.ssllabs.com/ssl-pulse/ ***/
+user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
  * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc
  * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1

	user.js Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| README