me
/
guix
Archived
1
0
Fork 0
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues/pull-requests.
guix/gnu/packages/patches/icecat-re-enable-DHE-cipher...

25 lines
1.1 KiB
Diff

Re-enable the DHE (Ephemeral Diffie-Hellman) cipher suites, which IceCat
38.6.0 disabled by default to avoid the Logjam attack. This issue was
fixed in NSS version 3.19.1 by limiting the lower strength of supported
DHE keys to use 1023 bit primes, so we can enable these cipher suites
safely. The DHE cipher suites are needed to allow IceCat to connect to
many sites, including https://gnupg.org/.
Patch by Mark H Weaver <mhw@netris.org>
--- icecat-38.6.0/browser/app/profile/icecat.js.orig 1969-12-31 19:00:00.000000000 -0500
+++ icecat-38.6.0/browser/app/profile/icecat.js 2016-02-06 00:48:23.826170154 -0500
@@ -2061,12 +2061,6 @@
pref("security.ssl3.rsa_des_ede3_sha", false);
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
-// https://directory.fsf.org/wiki/Disable_DHE
-// Avoid logjam attack
-pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-pref("security.ssl3.dhe_rsa_aes_256_sha", false);
-pref("security.ssl3.dhe_dss_aes_128_sha", false);
-pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
//Optional
//Perfect forward secrecy
// pref("security.ssl3.rsa_aes_256_sha", false);