|
|
@@ -698,12 +698,13 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
|
|
|
user_pref("security.ssl.require_safe_negotiation", true);
|
|
|
/* 1202: control TLS versions with min and max
|
|
|
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
|
|
- * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
|
|
|
+ * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
|
|
|
+ * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1
|
|
|
* [1] http://kb.mozillazine.org/Security.tls.version.*
|
|
|
* [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
|
|
|
* [2] archived: https://archive.is/hY2Mm ***/
|
|
|
// user_pref("security.tls.version.min", 3);
|
|
|
-user_pref("security.tls.version.max", 4);
|
|
|
+ // user_pref("security.tls.version.max", 4);
|
|
|
/* 1203: disable SSL session tracking [FF36+]
|
|
|
* SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
|
|
|
* [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
|
Thorin-Oakenpants