From 9219cb1d0cd96143c33cd68448d0d1d79868656c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Wed, 23 Sep 2020 18:35:01 +0200 Subject: [PATCH] Don't enforce TLS v1.3 yet --- thunderbird/user.js | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/thunderbird/user.js b/thunderbird/user.js index bdc278a..336de7b 100755 --- a/thunderbird/user.js +++ b/thunderbird/user.js @@ -95,18 +95,20 @@ user_pref("security.mixed_content.block_active_content", true); user_pref("security.OCSP.enabled", 0); user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -user_pref("security.tls.version.min", 4); -// enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only -// user_pref("security.tls.version.min", 3); -// user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -// user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); -// user_pref("security.ssl3.rsa_aes_128_sha", false); -// user_pref("security.ssl3.rsa_aes_256_sha", false); -// user_pref("security.ssl3.rsa_des_ede3_sha", false); +// Set to TLS v1.3 min (= 4, = 3 otherwise) +user_pref("security.tls.version.min", 3); +// BEGIN - enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only +user_pref("security.tls.version.min", 3); +user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); +user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); +user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); +user_pref("security.ssl3.rsa_aes_128_sha", false); +user_pref("security.ssl3.rsa_aes_256_sha", false); +user_pref("security.ssl3.rsa_des_ede3_sha", false); +// END - enable all above instead of the above min 4 if your mail provider doesn't support TLS v1.3 only user_pref("purple.logging.log_chats", false); user_pref("purple.logging.log_ims", false); user_pref("purple.logging.log_system", false);