notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

yokoffing
2023-10-11 15:53:05 -04:00
parent 0470943bac
commit 7ee1aa890e
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+3 -3
@@ -179,11 +179,11 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
*** ***
### Require Safe Negotiation ### Require Secure Renegotiation
Block connections to servers that don't support [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) as they're potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to a man-in-the-middle attack. Block connections to servers that do not support RFC 5746, as they are potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to man-in-the-middle attacks.
A server without RFC 5746 can be safe from the attack if it disables renegotiations. However, the problem is that the browser can't know that. Setting this pref to `true` is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server. A server without [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) can be safe from the attack if it disables renegotiations. However, the browser cannot know that. Setting this pref to `true` is the only way for the browser to ensure no unsafe renegotiations occur between the browser itself and the server.
:warning: Some sites, like `EA.com`, will not let you login due to their weak encryption. :warning: Some sites, like `EA.com`, will not let you login due to their weak encryption.