roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-09 18:09:16 +00:00
Code Issues Projects Releases Wiki Activity
1,618 Commits 9 Branches 1 Tag
9c1bc3096594de84b6847d3edcfcda3462457d8a
Commit Graph

23 Commits

Author SHA1 Message Date
Pale Moon 7a9da4168c Allocate more memory for processing (stupidly) large PAC files. 2018-07-25 07:03:17 +08:00
janekptacijarabaci 68c5139b0d A channel suspend()-ed in http-on-modify-request shouldn't send out any traffic until resume()-d 2018-07-25 07:02:45 +08:00
janekptacijarabaci f20d42357a The referrer policy specification where origin-when-crossorigin should actually be origin-when-cross-origin (fix typo) 2018-07-25 06:59:55 +08:00
Pale Moon 2a7cc300c0 Reconfigure network security: 
- Enable 128-bit RSA+AES+SHA256 suites
- Disable all static DHE suites because:
  * There's no way to negotiate DH key sizes.
  * It's barely in use and when it is, it can fall back to RSA
  * We now have broader RSA/AES support with stronger SHA-HMAC
 2018-07-25 06:59:35 +08:00
Pale Moon c9ad97a8f5 Add support for RSA+AES+SHA256/384 suites for web compatibility. 
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:

TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256

Only the 256-bit ones are enabled by default.
 2018-07-25 06:58:58 +08:00
Pale Moon e4f0d12b2c Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20. 2018-07-25 06:50:59 +08:00
Pale Moon 36fc143339 Add AES256-GCM suites to secmanager. 
Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.
 2018-07-25 06:50:51 +08:00
Pale Moon 8df1603dfd Enable ChaCha20-Poly1305 suites. 2018-07-25 06:50:49 +08:00
Pale Moon 5546cc421e Temporarily disable Camellia-GCM suites in secmanager. 2018-07-25 06:50:45 +08:00
janekptacijarabaci 5a0265ef97 Crypto Services (utils): Support for SHA256-512 (+ 224) 2018-07-25 06:47:57 +08:00
Pale Moon 3d71c559aa Make ArrayBufferInputStream copy its input buffer. 2018-07-25 06:22:26 +08:00
Pale Moon 62cbc3f0c6 Part 1: Revert Bug 1125784 2018-07-25 01:03:30 +08:00
wolfbeast 131363dc30 Fix SSL status ambiguity. 
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.

This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
 2018-07-25 00:55:11 +08:00
wolfbeast 4b901b8210 Update security prefs for SWEET32. 
This also re-organizes the pref blocks and adds comments supplying reason(s) for disabled suites.
 2018-07-24 23:39:42 +08:00
wolfbeast 311d718dbd Fix path typo. 2018-07-24 23:17:02 +08:00
trav90 052e58f015 Remove GnomeVFS extension 2018-07-24 23:12:24 +08:00
wolfbeast 78964b42e3 Potential crash fix for bogus URLs 2018-07-24 23:12:13 +08:00
wolfbeast edcc56de80 Hook up less common cipher suites + move RC4 to disabled section. 2018-07-24 23:11:55 +08:00
wolfbeast f1ad132236 Update TLS intolerant fallback handling: 
- Disable false starts
- Disable fallback to RC4
- Update whitelist that should override the default for insecure fallbacks
 2018-07-24 23:11:55 +08:00
wolfbeast e52817d90a Security: Hook up Camellia ciphers, disable RC4. 2018-07-24 23:11:54 +08:00
wolfbeast 53761b6336 Prep tree for forward-porting Goanna: stage 2 2018-07-24 23:11:02 +08:00
wolfbeast 5ee6187aad Prep tree for forward-porting Goanna, stage 1 2018-07-24 23:10:50 +08:00
Moonchild baf46a6bf1 Merge pull request #1 from mozilla/esr38: Esr38 upstream pull 2018-07-24 23:04:07 +08:00