Skip to content

Commit 3de74a2

Browse files
jshajsha
committed
Disable SSLv3 support to prevent POODLE attack.
Conflicts: src/components/https-everywhere.js
1 parent c07f02c commit 3de74a2

File tree

1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

src/components/https-everywhere.js

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,9 @@ NOTE=4;
77
WARN=5;
88

99
// PREFERENCE BRANCHES
10-
PREFBRANCH_ROOT=0;
11-
PREFBRANCH_RULE_TOGGLE=1;
10+
let PREFBRANCH_ROOT=0;
11+
let PREFBRANCH_RULE_TOGGLE=1;
12+
let PREFBRANCH_NONE=2;
1213

1314
//---------------
1415

@@ -194,6 +195,11 @@ function HTTPSEverywhere() {
194195
this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled");
195196
this.isMobile = this.doMobileCheck();
196197

198+
// Disable SSLv3 to prevent POODLE attack.
199+
// https://www.imperialviolet.org/2014/10/14/poodle.html
200+
var root_prefs = this.get_prefs(PREFBRANCH_NONE);
201+
root_prefs.setIntPref("security.tls.version.min", 1);
202+
197203
// We need to use observers instead of categories for FF3.0 for these:
198204
// https://developer.mozilla.org/en/Observer_Notifications
199205
// https://developer.mozilla.org/en/nsIObserverService.
@@ -660,8 +666,10 @@ HTTPSEverywhere.prototype = {
660666
// get our preferences branch object
661667
// FIXME: Ugly hack stolen from https
662668
var branch_name;
663-
if(prefBranch == PREFBRANCH_RULE_TOGGLE)
669+
if(prefBranch === PREFBRANCH_RULE_TOGGLE)
664670
branch_name = "extensions.https_everywhere.rule_toggle.";
671+
else if (prefBranch === PREFBRANCH_NONE)
672+
branch_name = "";
665673
else
666674
branch_name = "extensions.https_everywhere.";
667675
var o_prefs = false;

0 commit comments

Comments
 (0)