Certain SSL prefs less secure than current Firefox defaults.
43v6c3463 opened this issue · 1 comments
43v6c3463 commented
The following SSL prefs are less secure than the current Firefox defaults:
// PREF: Only allow TLS 1.[0-3]
// http://kb.mozillazine.org/Security.tls.version.*
// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol.
// 3 = TLS 1.2 is the minimum required / maximum supported encryption protocol.
// 4 = TLS 1.3 is the minimum required / maximum supported encryption protocol.
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.max", 4);
// PREF: Disable insecure TLS version fallback
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
user_pref("security.tls.version.fallback-limit", 3);
Current default value for security.tls.version.min
is 3
and for security.tls.version.fallback-limit
4
.
pyllyukko commented
Thanks!