commit c974b3252dc4bc67104382058280c5d455f9f87e
parent 480933484fbce3bf4e9147e5429eefbb646c91f6
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 22 Jan 2021 12:10:15 +0000
move [STATS] from 1270 to 1201, #1094
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/user.js b/user.js
@@ -629,9 +629,11 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* if it disables renegotiations but the problem is that the browser can't know that.
* Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server.
+ * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://tools.ietf.org/html/rfc5746
- * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/
+ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+ * [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
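Review bot: The `[STATS]` line added to 1201 says how many sites support secure renegotiation, but not what happens on the remaining ~1%, which is what someone keeping `security.ssl.require_safe_negotiation` at `true` needs to know. With the pref enforced, servers without RFC 5746 support should fail the handshake outright (Firefox normally reports this as SSL_ERROR_UNSAFE_NEGOTIATION), so the figure is effectively a breakage estimate. I would add a line after it such as ` * [SETUP-WEB] sites without RFC 5746 support will not load while this is true; see [STATS]`. Since `[4]` points at a rolling dashboard, the "Dec 2020" date is the only anchor for the 99.0% figure and should be updated whenever the number is. The 1201 comment starts above this hunk, so its existing wording may already cover part of this.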
@@ -766,10 +768,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
/** UI (User Interface) ***/
/* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* Bug: warning padlock not indicated for subresources on a secure page! [2]
- * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [3]
* [1] https://wiki.mozilla.org/Security:Renegotiation
- * [2] https://bugzilla.mozilla.org/1353705
- * [3] https://www.ssllabs.com/ssl-pulse/ ***/
+ * [2] https://bugzilla.mozilla.org/1353705 ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)