diff options
| author | Pale Moon <git-repo@palemoon.org> | 2017-03-22 01:09:24 +0100 |
|---|---|---|
| committer | Pale Moon <git-repo@palemoon.org> | 2017-03-22 01:09:24 +0100 |
| commit | 265f66500cfc9685e18a80b94d05fca834e01fa6 (patch) | |
| tree | e66aa9e3868f32731e8e7f56ba10863f523da241 /netwerk/base | |
| parent | e2ba285b9b1589b7f96fddd4c30780076e8dc129 (diff) | |
| download | palemoon-gre-265f66500cfc9685e18a80b94d05fca834e01fa6.tar.gz | |
Add support for RSA+AES+SHA256/384 suites for web compatibility.
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
Only the 256-bit ones are enabled by default.
Diffstat (limited to 'netwerk/base')
| -rw-r--r-- | netwerk/base/security-prefs.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index b1b8c7d81..c53521363 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -39,6 +39,8 @@ pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.dhe_rsa_camellia_128_sha", true); pref("security.ssl3.dhe_rsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_camellia_256_sha", true); +pref("security.ssl3.rsa_aes_256_gcm_sha384", true); +pref("security.ssl3.rsa_aes_256_sha256", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_camellia_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); @@ -66,6 +68,8 @@ pref("security.ssl3.rsa_seed_sha", false); //In disuse pref("security.ssl3.rsa_des_ede3_sha", false); //3DES pref("security.ssl3.rsa_rc4_128_sha", false); //RC4 pref("security.ssl3.rsa_rc4_128_md5", false); //RC4,MD5 +pref("security.ssl3.rsa_aes_128_gcm_sha256", false); //RSA+SHA256 +pref("security.ssl3.rsa_aes_128_sha256", false); //RSA+SHA256 pref("security.default_personal_cert", "Ask Every Time"); pref("security.remember_cert_checkbox_default_setting", true); |