Skip to content

Commit

Permalink
116.1 (#221)
Browse files Browse the repository at this point in the history
* require_safe_negotiation breaks EA
  • Loading branch information
yokoffing authored Sep 5, 2023
1 parent 288676b commit dd49bca
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
7 changes: 4 additions & 3 deletions Securefox.js
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@

/****************************************************************************
* Securefox *
* "Natura non contristatur" *
* "Natura non contristatur" *
* priority: provide sensible security and privacy *
* version: 116 *
* version: 116.1 *
* url: https://github.com/yokoffing/Betterfox *
****************************************************************************/

Expand Down Expand Up @@ -276,6 +276,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);

// PREF: require safe negotiation
// [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
// [WARNING] Breaks ea.com login (Sep 2023).
// Blocks connections to servers that don't support RFC 5746 [2]
// as they're potentially vulnerable to a MiTM attack [3].
// A server without RFC 5746 can be safe from the attack if it
Expand All @@ -288,7 +289,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// [2] https://datatracker.ietf.org/doc/html/rfc5746
// [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
// [4] https://www.ssllabs.com/ssl-pulse/
user_pref("security.ssl.require_safe_negotiation", true);
//user_pref("security.ssl.require_safe_negotiation", true);

// PREF: display advanced information on Insecure Connection warning pages
// [TEST] https://expired.badssl.com/
Expand Down
3 changes: 1 addition & 2 deletions user.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
/****************************************************************************
* Betterfox *
* "Ad meliora" *
* version: 116 *
* version: 116.1 *
* url: https://github.com/yokoffing/Betterfox *
****************************************************************************/

Expand Down Expand Up @@ -85,7 +85,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);

/** SSL / TLS ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("security.ssl.require_safe_negotiation", true);
user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("security.tls.enable_0rtt_data", false);

Expand Down

0 comments on commit dd49bca

Please sign in to comment.