iceweasel: The logjam attack [https://weakdh.org/] allows an attacker to impersonate servers that support weak keys. This change implements https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/

2 files changed, 7 insertions, 1 deletions

diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD
index ff1e0a387..54dd453cf 100644
--- a/libre/iceweasel/PKGBUILD
+++ b/libre/iceweasel/PKGBUILD
@@ -61,7 +61,7 @@ sha256sums=('a0011a4e9078cc2e50a48f76fef3506360d3ab32507b0eef47404dc6d3bd022c'
             '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
             '2257dc69886bd0b72c48675a27c3a88b9cf6b598252c9e9f1c99763180684fc3'
             '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d'
-            'ebdbce871dd67b7d7de9e2e7c2f180e8a9eae4e26d2b762b2028fe0fc5636050'
+            'f1abfe74f715b33feb8ca00062cc8bf2498c3ebc641eb7b5f231f786b4227c36'
             '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213')
 
 prepare() {
diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js
index a1e41cef2..2135bf4aa 100644
--- a/libre/iceweasel/vendor.js
+++ b/libre/iceweasel/vendor.js
@@ -157,3 +157,9 @@ pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
 // PFS URL
 pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
 pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+
+// https://directory.fsf.org/wiki/Disable_DHE
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_dss_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_des_ede3_sha", false);