Issue #3004 - Add an option to enable TLS 1.3 "compatibility" mode.

Critical note: this potentially reduces the strength of TLS 1.3 and should only be enabled if absolutely necessary to access a site. A browser restart is required for the pref change to take effect as it is set on NSS initialization.
author: Moonchild <moonchild@palemoon.org> 2021-10-11 22:16:04 +0000
committer: Moonchild <moonchild@palemoon.org> 2021-11-05 11:34:02 +0000
commit: d3163822fbb2f203b7eca1e21f35b637f09981e9 (patch)
tree: 1e5d235cad2c68600fca6c6b0405dde210da0802 /netwerk/base
parent: 7b636b886906f0334e2159f473931c4f6443fae9 (diff)
download: uxp-d3163822fbb2f203b7eca1e21f35b637f09981e9.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 973c731239..745f1072c8 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -120,6 +120,12 @@ pref("security.webauth.u2f_enable_usbtoken", false);
 // OCSP must-staple
 pref("security.ssl.enable_ocsp_must_staple", true);
 
+// Enable TLS 1.3 compatmode version for bad middleware boxes?
+// This is a holdover from the later draft specs and SHOULD NOT be enabled by
+// default. ONLY use this when you explicitly need it. You have been warned!
+// Restart required.
+pref("security.ssl.enable_tls13_compat_mode", false);
+
 // If a request is mixed-content, send an HSTS priming request to attempt to
 // see if it is available over HTTPS.
 pref("security.mixed_content.send_hsts_priming", true);
author	Moonchild <moonchild@palemoon.org>	2021-10-11 22:16:04 +0000
committer	Moonchild <moonchild@palemoon.org>	2021-11-05 11:34:02 +0000
commit	d3163822fbb2f203b7eca1e21f35b637f09981e9 (patch)
tree	1e5d235cad2c68600fca6c6b0405dde210da0802 /netwerk/base
parent	7b636b886906f0334e2159f473931c4f6443fae9 (diff)
download	uxp-d3163822fbb2f203b7eca1e21f35b637f09981e9.tar.gz