summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2015-07-01 09:03:44 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2015-07-01 09:03:44 -0300
commit6754d5ea997f61e6df67ff782e8b2c7507495595 (patch)
tree3955a60377987707afc1e827e982b486c3b2c60b
parent14b590025d65d1b7e6ebb31d977ebbfffd04fde3 (diff)
downloadabslibre-6754d5ea997f61e6df67ff782e8b2c7507495595.tar.gz
abslibre-6754d5ea997f61e6df67ff782e8b2c7507495595.tar.bz2
abslibre-6754d5ea997f61e6df67ff782e8b2c7507495595.zip
iceweasel: The logjam attack [https://weakdh.org/] allows an attacker to impersonate servers that support weak keys. This change implements https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/
-rw-r--r--libre/iceweasel/PKGBUILD2
-rw-r--r--libre/iceweasel/vendor.js6
2 files changed, 7 insertions, 1 deletions
diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD
index ff1e0a387..54dd453cf 100644
--- a/libre/iceweasel/PKGBUILD
+++ b/libre/iceweasel/PKGBUILD
@@ -61,7 +61,7 @@ sha256sums=('a0011a4e9078cc2e50a48f76fef3506360d3ab32507b0eef47404dc6d3bd022c'
'56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
'2257dc69886bd0b72c48675a27c3a88b9cf6b598252c9e9f1c99763180684fc3'
'3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d'
- 'ebdbce871dd67b7d7de9e2e7c2f180e8a9eae4e26d2b762b2028fe0fc5636050'
+ 'f1abfe74f715b33feb8ca00062cc8bf2498c3ebc641eb7b5f231f786b4227c36'
'68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213')
prepare() {
diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js
index a1e41cef2..2135bf4aa 100644
--- a/libre/iceweasel/vendor.js
+++ b/libre/iceweasel/vendor.js
@@ -157,3 +157,9 @@ pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
// PFS URL
pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+
+// https://directory.fsf.org/wiki/Disable_DHE
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_dss_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_des_ede3_sha", false);