Re-enable the DHE (Ephemeral Diffie-Hellman) cipher suites, which IceCat
38.6.0 disabled by default to avoid the Logjam attack.  This issue was
fixed in NSS version 3.19.1 by limiting the lower strength of supported
DHE keys to use 1023 bit primes, so we can enable these cipher suites
safely.  The DHE cipher suites are needed to allow IceCat to connect to
many sites, including https://gnupg.org/.

Patch by Mark H Weaver <mhw@netris.org>

--- icecat-38.6.0/browser/app/profile/icecat.js.orig	1969-12-31 19:00:00.000000000 -0500
+++ icecat-38.6.0/browser/app/profile/icecat.js	2016-02-06 00:48:23.826170154 -0500
@@ -2061,12 +2061,6 @@
 pref("security.ssl3.rsa_des_ede3_sha", false);
 pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
 pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
-// https://directory.fsf.org/wiki/Disable_DHE
-// Avoid logjam attack
-pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-pref("security.ssl3.dhe_rsa_aes_256_sha", false);
-pref("security.ssl3.dhe_dss_aes_128_sha", false);
-pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
 //Optional
 //Perfect forward secrecy
 // pref("security.ssl3.rsa_aes_256_sha", false);
mk'>log</a><a href='/guix/tree/nix/local.mk?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>tree</a><a href='/guix/commit/nix/local.mk?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>commit</a><a href='/guix/diff/nix/local.mk?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/nix/local.mk'>
<input type='hidden' name='id' value='ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>root</a>/<a href='/guix/log/nix?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>nix</a>/<a href='/guix/log/nix/local.mk?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0'>local.mk</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/nix/local.mk?id=ea4b6ffd24f6656b31d2c037a5671748ac6a81c0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-02-04 16:20:01 +0100'>2019-02-04</span></td><td><a href='/guix/commit/nix/local.mk?id=959eaa1eb834fd47ceab3c5bbbe4967e808d530b'>daemon: Add "/guix" to default 'nixLibexecDir'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-02-04 00:03:30 +0100'>2019-02-04</span></td><td><a href='/guix/commit/nix/local.mk?id=65d13e3043d90382f79b1780e06dc671ae451edf'>daemon: Remove unused 'NIX_DATA_DIR' environment variable.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-11-14 21:34:08 +0100'>2018-11-14</span></td><td><a href='/guix/commit/nix/local.mk?id=0fe1fba4af41f267c4bb2c006fb37f42422ab703'>daemon: Install 'authenticate' script under LIBEXECDIR/guix.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-22 10:23:31 +0200'>2018-06-22</span></td><td><a href='/guix/commit/nix/local.mk?id=de30f71a099203ecb25f560aa896e9c1a86febc6'>build: Remove leftover reference to nix/libstore/schema.sql.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-14 11:17:00 +0200'>2018-06-14</span></td><td><a href='/guix/commit/nix/local.mk?id=ea0a06cee2ba05451f94714a4f913db02efbe92c'>Remove 'guix-register' and its traces.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-14 11:16:58 +0200'>2018-06-14</span></td><td><a href='/guix/commit/nix/local.mk?id=3931c76154d4f418d5ea9acc5e47bf911d371c24'>database: 'with-database' can now initialize new databases.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-08 15:23:39 +0200'>2018-06-08</span></td><td><a href='/guix/commit/nix/local.mk?id=751164bca1030dfd14f9fa7508c03eb4b41173e4'>build: Do not add all of $(BUILT_SOURCES) to $(CLEANFILES).</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-01-07 23:47:22 +0100'>2018-01-07</span></td><td><a href='/guix/commit/nix/local.mk?id=f997137d0e2eba27bb1e2b282ee19ea474c41e12'>daemon: Make libbz2 an optional dependency.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-01-07 23:47:22 +0100'>2018-01-07</span></td><td><a href='/guix/commit/nix/local.mk?id=29a686688674dc875775305312513405fa396a06'>daemon: Add gzip log compression.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2017-03-06 13:25:51 -0500'>2017-03-06</span></td><td><a href='/guix/commit/nix/local.mk?id=613d0895b92c677e0639d5e77c55043e38e020c8'>build: Don't embed absolute paths in .service and .conf service files.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2016-12-20 15:14:40 +0100'>2016-12-20</span></td><td><a href='/guix/commit/nix/local.mk?id=b20644ed18b5ef33efa3c127fed2eb6b18955987'>build: Delete all the .service and .conf files upon 'make clean'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-12-18 17:45:44 +0100'>2016-12-18</span></td><td><a href='/guix/commit/nix/local.mk?id=5a5fc61f072eaa7fe9bfa65dbbd4c6215d88626c'>build: Fix .service and .conf targets for VPATH builds.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-12-18 17:45:44 +0100'>2016-12-18</span></td><td><a href='/guix/commit/nix/local.mk?id=fa54f44bb7e37af4a2152ca6b033f69071193005'>build: Add 'guix-publish.*.in' to the distribution.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-11-24 09:23:11 +0100'>2016-11-24</span></td><td><a href='/guix/commit/nix/local.mk?id=332d7903f52c2bf3741b04ac2d01cd9018b70800'>Add system start-up files for "guix publish".</a><span class='msg-avail'>...</span></td><td>Hartmut Goebel</td></tr>
<tr><td><span title='2016-11-16 18:19:47 +0100'>2016-11-16</span></td><td><a href='/guix/commit/nix/local.mk?id=94d92c7796a3dd50c27d532315f7d497ac99f08e'>daemon: Add "builtin:download" derivation builder.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-10-28 22:30:17 +0200'>2016-10-28</span></td><td><a href='/guix/commit/nix/local.mk?id=7bed5d91dea6ecff565d51a021e6f99718d04f86'>daemon: Factor out SQLite handling.</a><span class='msg-avail'>...</span></td><td>Eelco Dolstra</td></tr>

Age	Commit message (Expand)	Author
2019-02-04	daemon: Add "/guix" to default 'nixLibexecDir'....	Ludovic Courtès
2019-02-04	daemon: Remove unused 'NIX_DATA_DIR' environment variable....	Ludovic Courtès
2018-11-14	daemon: Install 'authenticate' script under LIBEXECDIR/guix....	Ludovic Courtès
2018-06-22	build: Remove leftover reference to nix/libstore/schema.sql....	Ludovic Courtès
2018-06-14	Remove 'guix-register' and its traces....	Ludovic Courtès
2018-06-14	database: 'with-database' can now initialize new databases....	Ludovic Courtès
2018-06-08	build: Do not add all of $(BUILT_SOURCES) to $(CLEANFILES)....	Ludovic Courtès
2018-01-07	daemon: Make libbz2 an optional dependency....	Ludovic Courtès
2018-01-07	daemon: Add gzip log compression....	Ludovic Courtès
2017-03-06	build: Don't embed absolute paths in .service and .conf service files....	Leo Famulari
2016-12-20	build: Delete all the .service and .conf files upon 'make clean'....	Ludovic Courtès
2016-12-18	build: Fix .service and .conf targets for VPATH builds....	Ludovic Courtès
2016-12-18	build: Add 'guix-publish.*.in' to the distribution....	Ludovic Courtès
2016-11-24	Add system start-up files for "guix publish"....	Hartmut Goebel
2016-11-16	daemon: Add "builtin:download" derivation builder....	Ludovic Courtès
2016-10-28	daemon: Factor out SQLite handling....	Eelco Dolstra