Issue #1831 - Add an option to enable TLS 1.3 "compatibility" mode.

Critical note: this potentially reduces the strength of TLS 1.3 and should only be enabled if absolutely necessary to access a site. A browser restart is required for the pref change to take effect as it is set on NSS initialization. Resolves #1831
author: Moonchild <moonchild@palemoon.org> 2021-10-11 22:16:04 +0000
committer: Moonchild <moonchild@palemoon.org> 2022-04-01 14:52:46 +0200
commit: 1caa678592ac5c372975bdaa24ce01b470349b1f (patch)
tree: 8c40267af010fb9469c11545eeeacac312680f07 /netwerk
parent: ddaee7c1be914cc28a28cbe27e5922215b3b2e6f (diff)
download: uxp-1caa678592ac5c372975bdaa24ce01b470349b1f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 973c731239..745f1072c8 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -120,6 +120,12 @@ pref("security.webauth.u2f_enable_usbtoken", false);
 // OCSP must-staple
 pref("security.ssl.enable_ocsp_must_staple", true);
 
+// Enable TLS 1.3 compatmode version for bad middleware boxes?
+// This is a holdover from the later draft specs and SHOULD NOT be enabled by
+// default. ONLY use this when you explicitly need it. You have been warned!
+// Restart required.
+pref("security.ssl.enable_tls13_compat_mode", false);
+
 // If a request is mixed-content, send an HSTS priming request to attempt to
 // see if it is available over HTTPS.
 pref("security.mixed_content.send_hsts_priming", true);
author	Moonchild <moonchild@palemoon.org>	2021-10-11 22:16:04 +0000
committer	Moonchild <moonchild@palemoon.org>	2022-04-01 14:52:46 +0200
commit	1caa678592ac5c372975bdaa24ce01b470349b1f (patch)
tree	8c40267af010fb9469c11545eeeacac312680f07 /netwerk
parent	ddaee7c1be914cc28a28cbe27e5922215b3b2e6f (diff)
download	uxp-1caa678592ac5c372975bdaa24ce01b470349b1f.tar.gz