11 Commits

Author	SHA1	Message	Date
Pale Moon	2a7cc300c0	Reconfigure network security: ... - Enable 128-bit RSA+AES+SHA256 suites - Disable all static DHE suites because: * There's no way to negotiate DH key sizes. * It's barely in use and when it is, it can fall back to RSA * We now have broader RSA/AES support with stronger SHA-HMAC	2018-07-25 06:59:35 +08:00
Pale Moon	c9ad97a8f5	Add support for RSA+AES+SHA256/384 suites for web compatibility. ... This adds the following suites for web compatibility despite the deprecated RSA key exchange that makes little sense with a very strong HMAC or GCM: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 Only the 256-bit ones are enabled by default.	2018-07-25 06:58:58 +08:00
Pale Moon	e4f0d12b2c	Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20.	2018-07-25 06:50:59 +08:00
Pale Moon	36fc143339	Add AES256-GCM suites to secmanager. ... Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.	2018-07-25 06:50:51 +08:00
Pale Moon	8df1603dfd	Enable ChaCha20-Poly1305 suites.	2018-07-25 06:50:49 +08:00
Pale Moon	5546cc421e	Temporarily disable Camellia-GCM suites in secmanager.	2018-07-25 06:50:45 +08:00
wolfbeast	4b901b8210	Update security prefs for SWEET32. ... This also re-organizes the pref blocks and adds comments supplying reason(s) for disabled suites.	2018-07-24 23:39:42 +08:00
wolfbeast	edcc56de80	Hook up less common cipher suites + move RC4 to disabled section.	2018-07-24 23:11:55 +08:00
wolfbeast	f1ad132236	Update TLS intolerant fallback handling: ... - Disable false starts - Disable fallback to RC4 - Update whitelist that should override the default for insecure fallbacks	2018-07-24 23:11:55 +08:00
wolfbeast	e52817d90a	Security: Hook up Camellia ciphers, disable RC4.	2018-07-24 23:11:54 +08:00
Moonchild	baf46a6bf1	Merge pull request #1 from mozilla/esr38: Esr38 upstream pull	2018-07-24 23:04:07 +08:00