Re-enable the DHE (Ephemeral Diffie-Hellman) cipher suites, which IceCat 38.6.0 disabled by default to avoid the Logjam attack. This issue was fixed in NSS version 3.19.1 by limiting the lower strength of supported DHE keys to use 1023 bit primes, so we can enable these cipher suites safely. The DHE cipher suites are needed to allow IceCat to connect to many sites, including https://gnupg.org/. Patch by Mark H Weaver --- icecat-38.6.0/browser/app/profile/icecat.js.orig 1969-12-31 19:00:00.000000000 -0500 +++ icecat-38.6.0/browser/app/profile/icecat.js 2016-02-06 00:48:23.826170154 -0500 @@ -2061,12 +2061,6 @@ pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -// https://directory.fsf.org/wiki/Disable_DHE -// Avoid logjam attack -pref("security.ssl3.dhe_rsa_aes_128_sha", false); -pref("security.ssl3.dhe_rsa_aes_256_sha", false); -pref("security.ssl3.dhe_dss_aes_128_sha", false); -pref("security.ssl3.dhe_rsa_des_ede3_sha", false); //Optional //Perfect forward secrecy // pref("security.ssl3.rsa_aes_256_sha", false); active' href='/guix/log/gnu/tests/version-control.scm'>logtreecommitdiff
path: root/gnu/tests/version-control.scm
AgeCommit message (Expand)Author