From 6754d5ea997f61e6df67ff782e8b2c7507495595 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Wed, 1 Jul 2015 09:03:44 -0300 Subject: iceweasel: The logjam attack [https://weakdh.org/] allows an attacker to impersonate servers that support weak keys. This change implements https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/ --- libre/iceweasel/PKGBUILD | 2 +- libre/iceweasel/vendor.js | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'libre/iceweasel') diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD index ff1e0a387..54dd453cf 100644 --- a/libre/iceweasel/PKGBUILD +++ b/libre/iceweasel/PKGBUILD @@ -61,7 +61,7 @@ sha256sums=('a0011a4e9078cc2e50a48f76fef3506360d3ab32507b0eef47404dc6d3bd022c' '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' '2257dc69886bd0b72c48675a27c3a88b9cf6b598252c9e9f1c99763180684fc3' '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d' - 'ebdbce871dd67b7d7de9e2e7c2f180e8a9eae4e26d2b762b2028fe0fc5636050' + 'f1abfe74f715b33feb8ca00062cc8bf2498c3ebc641eb7b5f231f786b4227c36' '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213') prepare() { diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js index a1e41cef2..2135bf4aa 100644 --- a/libre/iceweasel/vendor.js +++ b/libre/iceweasel/vendor.js @@ -157,3 +157,9 @@ pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ"); // PFS URL pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); + +// https://directory.fsf.org/wiki/Disable_DHE +pref("security.ssl3.dhe_rsa_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_aes_256_sha", false); +pref("security.ssl3.dhe_dss_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_des_ede3_sha", false); -- cgit v1.2.3