diff --git a/thunderbird/user.js b/thunderbird/user.js index 3471f8e..bdc278a 100755 --- a/thunderbird/user.js +++ b/thunderbird/user.js @@ -89,27 +89,28 @@ user_pref("rss.display.prefer_plaintext", true); user_pref("rss.show.content-base", 1); user_pref("security.family_safety.mode", 0); user_pref("security.cert_pinning.enforcement_level", 2); -user_pref("security.mixed_content.block_display_content", false); +user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.upgrade_display_content", true); user_pref("security.mixed_content.block_active_content", true); user_pref("security.OCSP.enabled", 0); user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -user_pref("security.tls.version.min", 3); +user_pref("security.tls.version.min", 4); +// enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only +// user_pref("security.tls.version.min", 3); +// user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); +// user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); +// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); +// user_pref("security.ssl3.rsa_aes_128_sha", false); +// user_pref("security.ssl3.rsa_aes_256_sha", false); +// user_pref("security.ssl3.rsa_des_ede3_sha", false); user_pref("purple.logging.log_chats", false); user_pref("purple.logging.log_ims", false); user_pref("purple.logging.log_system", false); user_pref("purple.conversations.im.send_typing", false); user_pref("privacy.firstparty.isolate", true); -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); -user_pref("security.ssl3.rsa_aes_128_sha", false); -user_pref("security.ssl3.rsa_aes_256_sha", false); -user_pref("security.ssl3.rsa_des_ede3_sha", false); - user_pref("network.trr.resolvers", '[{ "name": "Cloudflare", "url": "https://mozilla.cloudflare-dns.com/dns-query" },{ "name": "NextDNS", "url": "https://trr.dns.nextdns.io/" },{ "name": "dnsforge.de", "url": "https://dnsforge.de/dns-query" },{ "name": "Digitale Gesellschaft (CH)", "url": "https://dns.digitale-gesellschaft.ch/dns-query" }, { "name": "Freifunk Muenchen", "url": "https://doh.ffmuc.net" }, { "name": "BlahDNS (DE)", "url": "https://doh-de.blahdns.com/dns-query" }, { "name": "BlahDNS (FI)", "url": "https://doh-fi.blahdns.com/dns-query" }, { "name": "Quad9", "url": "https://dns.quad9.net/dns-query" }]');