From dd49bcaae49e72ea1a81b1399b1ee50d96223991 Mon Sep 17 00:00:00 2001
From: HJ <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 5 Sep 2023 12:18:20 -0400
Subject: [PATCH] 116.1 (#221)

* require_safe_negotiation breaks EA
---
 Securefox.js | 7 ++++---
 user.js      | 3 +--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Securefox.js b/Securefox.js
index 084c9c8..bf62878 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -1,9 +1,9 @@
 
 /****************************************************************************
  * Securefox                                                                *
- * "Natura non contristatur"                                               *     
+ * "Natura non contristatur"                                                *     
  * priority: provide sensible security and privacy                          *
- * version: 116                                                             *
+ * version: 116.1                                                           *
  * url: https://github.com/yokoffing/Betterfox                              *                   
 ****************************************************************************/
 
@@ -276,6 +276,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 
 // PREF: require safe negotiation
 // [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
+// [WARNING] Breaks ea.com login (Sep 2023).
 // Blocks connections to servers that don't support RFC 5746 [2]
 // as they're potentially vulnerable to a MiTM attack [3].
 // A server without RFC 5746 can be safe from the attack if it
@@ -288,7 +289,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 // [2] https://datatracker.ietf.org/doc/html/rfc5746
 // [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 // [4] https://www.ssllabs.com/ssl-pulse/
-user_pref("security.ssl.require_safe_negotiation", true);
+//user_pref("security.ssl.require_safe_negotiation", true);
 
 // PREF: display advanced information on Insecure Connection warning pages
 // [TEST] https://expired.badssl.com/
diff --git a/user.js b/user.js
index 38639b6..88c21a9 100644
--- a/user.js
+++ b/user.js
@@ -10,7 +10,7 @@
 /****************************************************************************
  * Betterfox                                                                *
  * "Ad meliora"                                                             *
- * version: 116                                                             *
+ * version: 116.1                                                           *
  * url: https://github.com/yokoffing/Betterfox                              *
 ****************************************************************************/
 
@@ -85,7 +85,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 
 /** SSL / TLS ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-user_pref("security.ssl.require_safe_negotiation", true);
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
 user_pref("security.tls.enable_0rtt_data", false);