From 1a766e24797606df94bde78a82658a7b250c1e4f Mon Sep 17 00:00:00 2001
From: hackademix
Date: Mon, 7 Oct 2024 10:38:47 +0200
Subject: [PATCH] fixup! Firefox preference overrides.

MB361: Disable only cyphersuites using SH1 for signing (ECDSA).
---
 browser/app/profile/001-base-profile.js | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/browser/app/profile/001-base-profile.js b/browser/app/profile/001-base-profile.js
index 2510b4da1e4d5..7194af2071c00 100644
--- a/browser/app/profile/001-base-profile.js
+++ b/browser/app/profile/001-base-profile.js
@@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true);
 // [4] https://www.ssllabs.com/ssl-pulse/
 pref("security.ssl.require_safe_negotiation", true);
 
-// Bug 40183: Disable TLS ciphersuites using SHA-1
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183
+// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA)
+// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
+pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
+pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
+// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked);
 pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked);
-pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);
-pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked);
-pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked);
-pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked);
-pref("security.ssl3.rsa_aes_128_sha", false, locked);
-pref("security.ssl3.rsa_aes_256_sha", false, locked);
 
 // Wrapping a static pref to lock it and prevent changing.
 // See tor-browser#40565.
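Review bot: The two re-added `security.ssl3.ecdhe_ecdsa_aes_*_sha` prefs are set to `false` without `locked`, while the `dhe_rsa` pair directly below keeps it, so these two can be flipped back in about:config and the offered cipher list can then differ between users. If that is not intended, keep the third argument, e.g. `pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked);` and the same for the 128 variant. The new comment should also record that the `ecdhe_rsa_aes_*_sha` and `rsa_aes_*_sha` overrides are dropped here and those suites now follow whatever default applies outside this file, which from this hunk alone looks like suites with a SHA-1 MAC becoming available again. The wording "SHA1 for signing" may be imprecise, since the `_sha` suffix in these pref names appears to denote the record MAC rather than the signature hash; something like `// mullvad-browser#361: keep only the ECDSA-authenticated SHA-1 suites disabled; ECDHE-RSA/RSA SHA-1 suites follow the Firefox default` would say what the code does.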