summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch')
-rw-r--r--gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch24
1 files changed, 0 insertions, 24 deletions
diff --git a/gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch b/gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch
deleted file mode 100644
index 5c869bf510..0000000000
--- a/gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Re-enable the DHE (Ephemeral Diffie-Hellman) cipher suites, which IceCat
-38.6.0 disabled by default to avoid the Logjam attack.  This issue was
-fixed in NSS version 3.19.1 by limiting the lower strength of supported
-DHE keys to use 1023 bit primes, so we can enable these cipher suites
-safely.  The DHE cipher suites are needed to allow IceCat to connect to
-many sites, including https://gnupg.org/.
-
-Patch by Mark H Weaver <mhw@netris.org>
-
---- icecat-38.6.0/browser/app/profile/icecat.js.orig	1969-12-31 19:00:00.000000000 -0500
-+++ icecat-38.6.0/browser/app/profile/icecat.js	2016-02-06 00:48:23.826170154 -0500
-@@ -2061,12 +2061,6 @@
- pref("security.ssl3.rsa_des_ede3_sha", false);
- pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
- pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
--// https://directory.fsf.org/wiki/Disable_DHE
--// Avoid logjam attack
--pref("security.ssl3.dhe_rsa_aes_128_sha", false);
--pref("security.ssl3.dhe_rsa_aes_256_sha", false);
--pref("security.ssl3.dhe_dss_aes_128_sha", false);
--pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
- //Optional
- //Perfect forward secrecy
- // pref("security.ssl3.rsa_aes_256_sha", false);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-28 09:19:11 +0000