From 30c46f99436701ca4d9f9f8aefb452115cf4efc9 Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Thu, 29 Oct 2015 13:56:14 -0300
Subject: iceweasel-1:41.0.2.deb1-3: disable general crypto hardening settings
 for now

* fix connection to HTTPS Parabola website -> https://lists.parabola.nu/pipermail/assist/2015-October/000534.html
* fix bug #842 -> https://labs.parabola.nu/issues/842
---
 libre/iceweasel/PKGBUILD  |  4 ++--
 libre/iceweasel/vendor.js | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

(limited to 'libre')

diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD
index cc105faf4..d8e223aef 100644
--- a/libre/iceweasel/PKGBUILD
+++ b/libre/iceweasel/PKGBUILD
@@ -24,7 +24,7 @@ debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; }
 pkgname=iceweasel
 epoch=1
 pkgver=$_debver.$_debrel
-pkgrel=2
+pkgrel=3
 
 pkgdesc="A libre version of Debian Iceweasel, the standalone web browser based on Mozilla Firefox."
 arch=(i686 x86_64)
@@ -61,7 +61,7 @@ sha256sums=('707d44ac9a73868c5f2fe1832945ae66b297a8b7eaee3d45a43ab767fe9447cc'
             '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
             '2257dc69886bd0b72c48675a27c3a88b9cf6b598252c9e9f1c99763180684fc3'
             '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d'
-            '481781aa1b4da21e58cbe88df2ca992250bf7a7cf7c79022393e4ba974fecaca'
+            '34ae0353976538eaefd109d36a769a03cde3447d662f366b0a7b2b3a6c054e54'
             '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213')
 
 prepare() {
diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js
index b9386b559..d504c5706 100644
--- a/libre/iceweasel/vendor.js
+++ b/libre/iceweasel/vendor.js
@@ -123,14 +123,14 @@ pref("network.http.speculative-parallel-limit", 0);
 // Crypto hardening
 // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
 //General settings
-pref("security.tls.unrestricted_rc4_fallback", false);
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-pref("security.tls.version.min", 1);
-pref("security.ssl.require_safe_negotiation", true);
-pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-pref("security.ssl3.rsa_seed_sha", true);
-pref("security.OCSP.enabled", 1);
-pref("security.OCSP.require", true);
+//pref("security.tls.unrestricted_rc4_fallback", false);
+//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+//pref("security.tls.version.min", 1);
+//pref("security.ssl.require_safe_negotiation", true);
+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+//pref("security.ssl3.rsa_seed_sha", true);
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
 //Disable unnecessary protocols
 pref("security.ssl3.rsa_rc4_128_sha", false);
 pref("security.ssl3.rsa_rc4_128_md5", false);
-- 
cgit v1.2.3-54-g00ecf