From ad66d5b6f55e8f0a397514d6bba092e9d3ee1292 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Wed, 1 Jul 2015 09:27:39 -0300 Subject: icecat: The logjam attack [https://weakdh.org/] allows an attacker to impersonate servers that support weak keys. This change implements https://addons.mozilla.org/en-US/firefox/addon/disable-dhe/ --- libre/icecat/PKGBUILD | 2 +- libre/icecat/vendor.js | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'libre') diff --git a/libre/icecat/PKGBUILD b/libre/icecat/PKGBUILD index 089e05fe8..79313612b 100644 --- a/libre/icecat/PKGBUILD +++ b/libre/icecat/PKGBUILD @@ -51,7 +51,7 @@ sha256sums=('57ddd9a3b2875dc3f1bfbb0f6d8fd5551775f1f68cc4237f6f4251a7ca954528' '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd' '52df9ffeb52166ed4abd9a132ee4a9017b9c4980f0725ba383610ccfb06d4745' '5bdab2de5520fb4d3dbc453d9f73d20e0e077bf652bc780fc17184ba6c718a47' - '977aa49b940f1da049cefa2878a63ac6669a78e63e9d55bb11db7b8f8fb64c33' + 'de9474f400657082c9ff7c4c3c228cb7d4a818fa358e748286f1bbdec9798488' 'd25c6e95d20ec622a51346897d986fdd97074023d6a02bee0533773a195f8233' '68e3a5b47c6d175cc95b98b069a15205f027cab83af9e075818d38610feb6213' 'd57d0e4d5bc66323388e8f3c9999ed443abfd304a28a1696cc6f4518ed0d0f2a') diff --git a/libre/icecat/vendor.js b/libre/icecat/vendor.js index 32fddb8db..e9c424224 100644 --- a/libre/icecat/vendor.js +++ b/libre/icecat/vendor.js @@ -26,3 +26,9 @@ pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.ssl3.rsa_rc4_128_sha", false); + +// https://directory.fsf.org/wiki/Disable_DHE +pref("security.ssl3.dhe_rsa_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_aes_256_sha", false); +pref("security.ssl3.dhe_dss_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_des_ede3_sha", false); -- cgit v1.2.3