From c9b1b08b9851ba9c491b012803d27d5636abac92 Mon Sep 17 00:00:00 2001 From: Steffen Gransow Date: Thu, 21 May 2015 21:34:56 +0200 Subject: [PATCH 1/2] logjam related disabling of two more DH ciphers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See "The logjam attack" – https://weakdh.org/ --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index df75935b..c2d01bb2 100644 --- a/user.js +++ b/user.js @@ -487,11 +487,13 @@ user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); /* ciphers with DHE and > 128bits * des-ede3 = 168 bits */ -user_pref("security.ssl3.dhe_rsa_camellia_256_sha", true); //user_pref("security.ssl3.dhe_dss_camellia_256_sha", true); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", true); //user_pref("security.ssl3.dhe_dss_aes_256_sha", true); +// susceptible to the logjam attack – https://weakdh.org/ +user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false); +user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); + // ciphers with DSA (max 1024 bits) user_pref("security.ssl3.dhe_dss_aes_128_sha", false); user_pref("security.ssl3.dhe_dss_aes_256_sha", false); From c63b500740c739f848290e09a44a80a97456c204 Mon Sep 17 00:00:00 2001 From: Steffen Gransow Date: Thu, 21 May 2015 21:57:52 +0200 Subject: [PATCH 2/2] remove ciphers that are no longer deemed secure from README file. --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index d7ee4f32..3e529c4e 100644 --- a/README.md +++ b/README.md @@ -119,8 +119,6 @@ Here's the list with this config: Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) - Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) - Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)