diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2015-10-29 15:27:58 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2015-10-29 15:27:58 -0300 |
commit | 3c7a452d23ebf6e96f6745d717d8374bbb2e2c5b (patch) | |
tree | 2bbe779d17c0b53476fcd84ed189bcfef87a42f2 /libre/icecat/disable-general-crypto-hardening-settings.patch | |
parent | 30c46f99436701ca4d9f9f8aefb452115cf4efc9 (diff) |
icecat-38.3.0_gnu1-4: disable general crypto hardening settings for now
* fix connection to HTTPS Parabola website -> https://lists.parabola.nu/pipermail/assist/2015-October/000534.html
* fix bug #842 -> https://labs.parabola.nu/issues/842
Diffstat (limited to 'libre/icecat/disable-general-crypto-hardening-settings.patch')
-rw-r--r-- | libre/icecat/disable-general-crypto-hardening-settings.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/libre/icecat/disable-general-crypto-hardening-settings.patch b/libre/icecat/disable-general-crypto-hardening-settings.patch new file mode 100644 index 000000000..d84cdd2ea --- /dev/null +++ b/libre/icecat/disable-general-crypto-hardening-settings.patch @@ -0,0 +1,52 @@ +diff -Nur icecat-38.3.0.orig/browser/app/profile/icecat.js icecat-38.3.0/browser/app/profile/icecat.js +--- icecat-38.3.0.orig/browser/app/profile/icecat.js 2015-10-12 20:42:13.000000000 -0300 ++++ icecat-38.3.0/browser/app/profile/icecat.js 2015-10-29 14:03:09.377208716 -0300 +@@ -2046,14 +2046,14 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols + pref("security.ssl3.rsa_rc4_128_sha", false); + pref("security.ssl3.rsa_rc4_128_md5", false); +diff -Nur icecat-38.3.0.orig/mobile/android/app/mobile.js icecat-38.3.0/mobile/android/app/mobile.js +--- icecat-38.3.0.orig/mobile/android/app/mobile.js 2015-10-12 20:42:14.000000000 -0300 ++++ icecat-38.3.0/mobile/android/app/mobile.js 2015-10-29 14:03:24.623133800 -0300 +@@ -1008,14 +1008,14 @@ + // Crypto hardening + // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 + //General settings +-pref("security.tls.unrestricted_rc4_fallback", false); +-pref("security.tls.insecure_fallback_hosts.use_static_list", false); +-pref("security.tls.version.min", 1); +-pref("security.ssl.require_safe_negotiation", true); +-pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +-pref("security.ssl3.rsa_seed_sha", true); +-pref("security.OCSP.enabled", 1); +-pref("security.OCSP.require", true); ++//pref("security.tls.unrestricted_rc4_fallback", false); ++//pref("security.tls.insecure_fallback_hosts.use_static_list", false); ++//pref("security.tls.version.min", 1); ++//pref("security.ssl.require_safe_negotiation", true); ++//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); ++//pref("security.ssl3.rsa_seed_sha", true); ++//pref("security.OCSP.enabled", 1); ++//pref("security.OCSP.require", true); + //Disable unnecessary protocols + pref("security.ssl3.rsa_rc4_128_sha", false); + pref("security.ssl3.rsa_rc4_128_md5", false); |