icecat: The logjam attack [https://weakdh.org/] allows an attacker to impersonate servers that support weak keys. This change implements https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/

2 files changed, 7 insertions, 1 deletions

diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD
index 089e05fe8..79313612b 100644
--- a/libre/icecat/PKGBUILD
+++ b/libre/icecat/PKGBUILD
@@ -51,7 +51,7 @@ sha256sums=('57ddd9a3b2875dc3f1bfbb0f6d8fd5551775f1f68cc4237f6f4251a7ca954528'
             '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd'
             '52df9ffeb52166ed4abd9a132ee4a9017b9c4980f0725ba383610ccfb06d4745'
             '5bdab2de5520fb4d3dbc453d9f73d20e0e077bf652bc780fc17184ba6c718a47'
-            '977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33'
+            'de9474f400657082c9ff7c4c3c228cb7d4a818fa358e748286f1bbdec9798488'
             'd25c6e95d20ec622a51346897d986fdd97074023d6a02bee0533773a195f8233'
             '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213'
             'd57d0e4d5bc66323388e8f3c9999ed443abfd304a28a1696cc6f4518ed0d0f2a')
diff --git a/libre/icecat/vendor.js b/libre/icecat/vendor.js
index 32fddb8db..e9c424224 100644
--- a/libre/icecat/vendor.js
+++ b/libre/icecat/vendor.js
@@ -26,3 +26,9 @@ pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
 pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
 pref("security.ssl3.rsa_rc4_128_md5", false);
 pref("security.ssl3.rsa_rc4_128_sha", false);
+
+// https://directory.fsf.org/wiki/Disable_DHE
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_dss_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_des_ede3_sha", false);