25 lines
1.1 KiB
Diff
25 lines
1.1 KiB
Diff
|
Re-enable the DHE (Ephemeral Diffie-Hellman) cipher suites, which IceCat
|
||
|
38.6.0 disabled by default to avoid the Logjam attack. This issue was
|
||
|
fixed in NSS version 3.19.1 by limiting the lower strength of supported
|
||
|
DHE keys to use 1023 bit primes, so we can enable these cipher suites
|
||
|
safely. The DHE cipher suites are needed to allow IceCat to connect to
|
||
|
many sites, including https://gnupg.org/.
|
||
|
|
||
|
Patch by Mark H Weaver <mhw@netris.org>
|
||
|
|
||
|
--- icecat-38.6.0/browser/app/profile/icecat.js.orig 1969-12-31 19:00:00.000000000 -0500
|
||
|
+++ icecat-38.6.0/browser/app/profile/icecat.js 2016-02-06 00:48:23.826170154 -0500
|
||
|
@@ -2061,12 +2061,6 @@
|
||
|
pref("security.ssl3.rsa_des_ede3_sha", false);
|
||
|
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
|
||
|
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
|
||
|
-// https://directory.fsf.org/wiki/Disable_DHE
|
||
|
-// Avoid logjam attack
|
||
|
-pref("security.ssl3.dhe_rsa_aes_128_sha", false);
|
||
|
-pref("security.ssl3.dhe_rsa_aes_256_sha", false);
|
||
|
-pref("security.ssl3.dhe_dss_aes_128_sha", false);
|
||
|
-pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
|
||
|
//Optional
|
||
|
//Perfect forward secrecy
|
||
|
// pref("security.ssl3.rsa_aes_256_sha", false);
|