commit a6d20eaf5b4d6fc306257cf56beb89595c6be173
parent b93a5e334c1f66d1a2cb7b7b79dfe506805c888e
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 23 Jun 2021 16:22:10 +0000
1264: update ciphers, fixes #1196 (#1197)
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/user.js b/user.js
@@ -740,8 +740,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
// user_pref("dom.securecontext.whitelist_onions", true);
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro]
- * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1])
- * Additionally some have other weaknesses like key sizes of 128 (or lower) [2] and/or no Perfect Forward Secrecy [3].
+ * These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC,
+ * and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128
* [1] https://browserleaks.com/ssl
* [2] https://en.wikipedia.org/wiki/Key_size
* [3] https://en.wikipedia.org/wiki/Forward_secrecy
@@ -756,6 +756,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
+ // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
+ // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
