116.1 (#221)

* require_safe_negotiation breaks EA
2026-06-12 15:40:48 +05:30 · 2023-09-05 12:18:20 -04:00
parent 288676b07d
commit dd49bcaae4
2 changed files with 5 additions and 5 deletions
@@ -1,9 +1,9 @@

 /****************************************************************************
 * Securefox                                                                *
- * "Natura non contristatur"                                               *     
+ * "Natura non contristatur"                                                *     
 * priority: provide sensible security and privacy                          *
- * version: 116                                                             *
+ * version: 116.1                                                           *
 * url: https://github.com/yokoffing/Betterfox                              *                   
 ****************************************************************************/

@@ -276,6 +276,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);

 // PREF: require safe negotiation
 // [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
+// [WARNING] Breaks ea.com login (Sep 2023).
 // Blocks connections to servers that don't support RFC 5746 [2]
 // as they're potentially vulnerable to a MiTM attack [3].
 // A server without RFC 5746 can be safe from the attack if it
@@ -288,7 +289,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 // [2] https://datatracker.ietf.org/doc/html/rfc5746
 // [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 // [4] https://www.ssllabs.com/ssl-pulse/
-user_pref("security.ssl.require_safe_negotiation", true);
+//user_pref("security.ssl.require_safe_negotiation", true);

 // PREF: display advanced information on Insecure Connection warning pages
 // [TEST] https://expired.badssl.com/
@@ -10,7 +10,7 @@
 /****************************************************************************
 * Betterfox                                                                *
 * "Ad meliora"                                                             *
- * version: 116                                                             *
+ * version: 116.1                                                           *
 * url: https://github.com/yokoffing/Betterfox                              *
 ****************************************************************************/

@@ -85,7 +85,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);

 /** SSL / TLS ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-user_pref("security.ssl.require_safe_negotiation", true);
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
 user_pref("security.tls.enable_0rtt_data", false);