116.1 (#221)

* require_safe_negotiation breaks EA

Author: yokoffing

Securefox.js

@@ -1,9 +1,9 @@
 
 /****************************************************************************
  * Securefox                                                                *
- * "Natura non contristatur"                                               *     
+ * "Natura non contristatur"                                                *     
  * priority: provide sensible security and privacy                          *
- * version: 116                                                             *
+ * version: 116.1                                                           *
  * url: https://github.com/yokoffing/Betterfox                              *                   
 ****************************************************************************/
 
@@ -276,6 +276,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 
 // PREF: require safe negotiation
 // [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
+// [WARNING] Breaks ea.com login (Sep 2023).
 // Blocks connections to servers that don't support RFC 5746 [2]
 // as they're potentially vulnerable to a MiTM attack [3].
 // A server without RFC 5746 can be safe from the attack if it
@@ -288,7 +289,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 // [2] https://datatracker.ietf.org/doc/html/rfc5746
 // [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 // [4] https://www.ssllabs.com/ssl-pulse/
-user_pref("security.ssl.require_safe_negotiation", true);
+//user_pref("security.ssl.require_safe_negotiation", true);
 
 // PREF: display advanced information on Insecure Connection warning pages
 // [TEST] https://expired.badssl.com/

user.js

@@ -10,7 +10,7 @@
 /****************************************************************************
  * Betterfox                                                                *
  * "Ad meliora"                                                             *
- * version: 116                                                             *
+ * version: 116.1                                                           *
  * url: https://github.com/yokoffing/Betterfox                              *
 ****************************************************************************/
 
@@ -85,7 +85,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 
 /** SSL / TLS ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-user_pref("security.ssl.require_safe_negotiation", true);
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
 user_pref("security.tls.enable_0rtt_data", false);