NTD
b3a189d2de
Follow up to 7bd7e8a - *aState needs both STATE_IS_SECURE and STATE_SECURE_HIGH on re-eval of mixed content
2018-07-25 06:52:56 +08:00
Pale Moon
3ca7947b8a
Reset mixed-mode page status to secure if no actual load has occurred through the mixed content blocker.
This should take care of injection of non-network URIs that aren't same origin (e.g. extension-sourced data: URIs) triggering mixed-mode warnings.
Assumption here is that data: URIs are safe if "local"; this is a security trade-off that should be acceptable.
2018-07-25 06:52:49 +08:00
Pale Moon
3398a810ae
Update HSTS preload list.
Tag #62.
2018-07-25 06:51:16 +08:00
Pale Moon
e4f0d12b2c
Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20.
2018-07-25 06:50:59 +08:00
Pale Moon
348757ed67
Extend {EnabledWeakCiphers} bit field to allow more cipher suites.
2018-07-25 06:50:53 +08:00
Pale Moon
36fc143339
Add AES256-GCM suites to secmanager.
Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.
2018-07-25 06:50:51 +08:00
Pale Moon
8df1603dfd
Enable ChaCha20-Poly1305 suites.
2018-07-25 06:50:49 +08:00
Pale Moon
5546cc421e
Temporarily disable Camellia-GCM suites in secmanager.
2018-07-25 06:50:45 +08:00
Pale Moon
572a49f9b6
Provide better file name suggestions when exporting certs.
2018-07-25 06:43:51 +08:00
trav90
17da3b2364
Update HSTS Preload list
2018-07-25 06:42:57 +08:00
Pale Moon
9739829d2d
Don't write HSTS site state to file if HSTS has been user-disabled.
This also adds a missing pref observer.
Follow-up to 9bc65e235b62c4e84c69f301bd89de29769f4abf.
2018-07-25 06:36:48 +08:00
Pale Moon
8bd908fa4b
Reinstate network.stricttransportsecurity.enabled HSTS switch.
Defaults to enabled (HSTS on) but can be flipped to disable the use of the HSTS mechanism, trading security for privacy.
This resolves #830.
2018-07-25 06:36:25 +08:00
trav90
e035fc775e
Update HSTS preload list
2018-07-25 06:22:07 +08:00
trav90
1ab1dc37b6
Update HSTS preload list
2018-07-25 01:30:01 +08:00
Pale Moon
4b96ad2190
HSTS preload list update.
Tag #62.
2018-07-25 01:18:04 +08:00
Pale Moon
b142256756
Update list of known CA root hashes
2018-07-25 01:05:11 +08:00
wolfbeast
131363dc30
Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
2018-07-25 00:55:11 +08:00
trav90
d07f653690
Remove FF references in getHSTSPreloadList.js
2018-07-24 23:39:50 +08:00
trav90
afa5e10326
Update HSTS Preload List
2018-07-24 23:39:44 +08:00
wolfbeast
edcc56de80
Hook up less common cipher suites + move RC4 to disabled section.
2018-07-24 23:11:55 +08:00
wolfbeast
f1ad132236
Update TLS intolerant fallback handling:
- Disable false starts
- Disable fallback to RC4
- Update whitelist that should override the default for insecure fallbacks
2018-07-24 23:11:55 +08:00
wolfbeast
e52817d90a
Security: Hook up Camellia ciphers, disable RC4.
2018-07-24 23:11:54 +08:00
wolfbeast
5ee6187aad
Prep tree for forward-porting Goanna, stage 1
2018-07-24 23:10:50 +08:00
Moonchild
baf46a6bf1
Merge pull request #1 from mozilla/esr38: Esr38 upstream pull
2018-07-24 23:04:07 +08:00