From cc40725cd321ab0e362b59e315c3477994cf6abe Mon Sep 17 00:00:00 2001
From: rusty-snake <print_hello_world+Public@protonmail.com>
Date: Fri, 13 Mar 2020 19:10:17 +0000
Subject: [PATCH] Update 1200 Intro and 1264 weak cipher suites

* CBC, SHA1
 * WEAK: security.ssl3.ecdhe_ecdsa_aes_256_sha
 * WEAK: security.ssl3.ecdhe_rsa_aes_256_sha
* Add test from browserleaks with also shows a fingerprint hash and TLS Extensions.
---
 user.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/user.js b/user.js
index e6c5df8..99d2a90 100644
--- a/user.js
+++ b/user.js
@@ -637,6 +637,7 @@ user_pref("browser.shell.shortcutFavicons", false);
 /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS)
    Your cipher and other settings can be used in server side fingerprinting
    [TEST] https://www.ssllabs.com/ssltest/viewMyClient.html
+   [TEST] https://browserleaks.com/ssl
    [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/
 ***/
 user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
@@ -753,6 +754,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/
    // user_pref("security.ssl3.rsa_aes_128_sha", false);
    // user_pref("security.ssl3.rsa_aes_256_sha", false);
+   // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
+   // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
 
 /** UI (User Interface) ***/
 /* 1270: display warning on the padlock for "broken security" (if 1201 is false)