mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-06-09 09:58:57 +00:00
Pale Moon
2a7cc300c0
- Enable 128-bit RSA+AES+SHA256 suites - Disable all static DHE suites because: * There's no way to negotiate DH key sizes. * It's barely in use and when it is, it can fall back to RSA * We now have broader RSA/AES support with stronger SHA-HMAC
86 lines
4.3 KiB
JavaScript
86 lines
4.3 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
pref("security.tls.version.min", 1);
|
|
pref("security.tls.version.max", 3);
|
|
|
|
/* The lowest protocol version the handshake may insecurely fall back to
|
|
Disabled by default (only fall back to highest = no fallback) but
|
|
can be lowered to 1 if environments require this */
|
|
pref("security.tls.version.fallback-limit", 3);
|
|
|
|
pref("security.tls.insecure_fallback_hosts", "");
|
|
pref("security.tls.insecure_fallback_hosts.use_static_list", true);
|
|
|
|
pref("security.tls.unrestricted_rc4_fallback", false);
|
|
|
|
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
|
|
pref("security.ssl.require_safe_negotiation", false);
|
|
pref("security.ssl.warn_missing_rfc5746", 1);
|
|
pref("security.ssl.enable_ocsp_stapling", true);
|
|
pref("security.ssl.enable_false_start", false);
|
|
pref("security.ssl.false_start.require-npn", false);
|
|
pref("security.ssl.enable_npn", true);
|
|
pref("security.ssl.enable_alpn", true);
|
|
|
|
// Cipher suites enabled by default
|
|
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
|
|
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
|
|
pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
|
|
pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
|
|
pref("security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", true);
|
|
pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
|
|
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
|
|
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
|
|
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
|
|
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
|
|
pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
|
|
pref("security.ssl3.rsa_aes_256_sha256", true);
|
|
pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
|
|
pref("security.ssl3.rsa_aes_128_sha256", false);
|
|
pref("security.ssl3.rsa_aes_128_sha", true);
|
|
pref("security.ssl3.rsa_camellia_128_sha", true);
|
|
pref("security.ssl3.rsa_aes_256_sha", true);
|
|
pref("security.ssl3.rsa_camellia_256_sha", true);
|
|
|
|
// Cipher suites disabled by default //Reason:
|
|
pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); //3DES
|
|
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); //RC4
|
|
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); //RC4
|
|
pref("security.ssl3.rsa_fips_des_ede3_sha", false); //FIPS,3DES
|
|
pref("security.ssl3.dhe_rsa_des_ede3_sha", false); //3DES
|
|
pref("security.ssl3.dhe_dss_camellia_256_sha", false); //DHE+DSS
|
|
pref("security.ssl3.dhe_dss_camellia_128_sha", false); //DHE+DSS
|
|
pref("security.ssl3.dhe_dss_aes_128_sha", false); //DHE+DSS
|
|
pref("security.ssl3.dhe_dss_aes_256_sha", false); //DHE+DSS
|
|
pref("security.ssl3.dhe_rsa_aes_128_sha", false); //DHE+RSA
|
|
pref("security.ssl3.dhe_rsa_camellia_128_sha", false); //DHE+RSA
|
|
pref("security.ssl3.dhe_rsa_aes_256_sha", false); //DHE+RSA
|
|
pref("security.ssl3.dhe_rsa_camellia_256_sha", false); //DHE+RSA
|
|
pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); //Non-ephemeral
|
|
pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); //Non-ephemeral
|
|
pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); //Non-ephemeral,3DES
|
|
pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); //Non-ephemeral,RC4
|
|
pref("security.ssl3.ecdh_rsa_aes_256_sha", false); //Non-ephemeral
|
|
pref("security.ssl3.ecdh_rsa_aes_128_sha", false); //Non-ephemeral
|
|
pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); //Non-ephemeral,3DES
|
|
pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); //Non-ephemeral,RC4
|
|
pref("security.ssl3.rsa_seed_sha", false); //In disuse
|
|
pref("security.ssl3.rsa_des_ede3_sha", false); //3DES
|
|
pref("security.ssl3.rsa_rc4_128_sha", false); //RC4
|
|
pref("security.ssl3.rsa_rc4_128_md5", false); //RC4,MD5
|
|
|
|
pref("security.default_personal_cert", "Ask Every Time");
|
|
pref("security.remember_cert_checkbox_default_setting", true);
|
|
pref("security.ask_for_password", 0);
|
|
pref("security.password_lifetime", 30);
|
|
|
|
pref("security.OCSP.enabled", 1);
|
|
pref("security.OCSP.require", false);
|
|
pref("security.OCSP.GET.enabled", false);
|
|
|
|
pref("security.ssl.errorReporting.enabled", false);
|
|
pref("security.ssl.errorReporting.url", "https://data.mozilla.com/submit/sslreports");
|
|
pref("security.ssl.errorReporting.automatic", false);
|