1201: add error code, fixes #1094

This commit is contained in:
Thorin-Oakenpants 2021-01-26 19:58:57 +00:00 committed by GitHub
parent 2dd455ef83
commit 2f6b14ab6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -624,10 +624,10 @@ user_pref("browser.shell.shortcutFavicons", false);
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: require safe negotiation
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially
* vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack
* if it disables renegotiations but the problem is that the browser can't know that.
* Setting this pref to true is the only way for the browser to ensure there will be
* Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2]
* as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be
* safe from the attack if it disables renegotiations but the problem is that the browser can't
* know that. Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server.
* [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation