From 0c8406a6364357abbf920ea61d5472ddd8d8f8c2 Mon Sep 17 00:00:00 2001 From: Narsil Date: Wed, 27 Jan 2021 09:17:37 -0500 Subject: [PATCH] Update 'user.js (less connections)' --- user.js (less connections) | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/user.js (less connections) b/user.js (less connections) index a9779bc..be03112 100644 --- a/user.js (less connections) +++ b/user.js (less connections) @@ -801,10 +801,6 @@ user_pref("middlemouse.paste", false); // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 user_pref("middlemouse.contentLoadURL", false); // ------------------------------------- -// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS) -// [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins). To control HTML Meta tag and JS redirects, use an extension. -user_pref("network.http.redirection-limit", 15); // [DEFAULT: 20] -// ------------------------------------- // Pref : Remove webchannel whitelist user_pref("webchannel.allowObject.urlWhitelist", ""); // ------------------------------------- @@ -1481,8 +1477,11 @@ user_pref("dom.security.https_only_mode", true); [FF76+] user_pref("dom.security.https_only_mode_send_http_background_request", false); // ------------------------------------- // Pref : Require safe negotiation -// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that. -// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server. +// Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 +// as they're potentially vulnerable to a MiTM attack. A server without RFC 5746 can be +// safe from the attack if it disables renegotiations but the problem is that the browser can't +// know that. Setting this pref to true is the only way for the browser to ensure there will be +// no unsafe renegotiations on the channel between the browser and the server. // https://wiki.mozilla.org/Security:Renegotiation // https://tools.ietf.org/html/rfc5746 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555