claustromaniac/httpz

Question of HTTPZ security, and interference with browser native TLS/SSL directives

rugabunda opened this issue · 0 comments

@claustromaniac You suggest your addon adds security to prevent SSL stripping attacks. Now there are a number of settings to modify TLS and SSL settings in about:config, and some of these involve changing the way the browser deals with SSL and TLS handshakes, security, RTT0 and the like. I am curious if HTTPZ interferes with or overrides any of these settings, and replaces the following with its own:

For example:

security.tls.enable_0rtt_data
security.tls.version.min
security.tls.hello_downgrade_check
security.ssl.disable_session_identifiers
security.ssl.enable_false_start
security.ssl.require_safe_negotiation
security.ssl.treat_unsafe_negotiation_as_broken

Thanks!