Bug 1386754 - Deprecate 3DES on nightly builds r?dveditz
3DES usage is well below 1% [1]. A recent TLS Canary run with
"security.ssl3.rsa_des_ede3_sha" disabled showed 825 of 500,000 sites being
affected by deprecating 3DES [2]. This starts the deprecation by disabling the
3DES cipher suite preference in nightly builds.
[1] https://mzl.la/2uNt0BP
[2] https://tlscanary.mozilla.org/runs/2017-08-01-17-07-49/
MozReview-Commit-ID: C9cobeOqGLj
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -23,17 +23,22 @@ pref("security.ssl3.ecdhe_rsa_aes_256_gc
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.dhe_rsa_aes_256_sha", true);
pref("security.ssl3.rsa_aes_128_sha", true);
pref("security.ssl3.rsa_aes_256_sha", true);
+// Deprecate 3DES on nightly builds, Bug 1386754
+#ifdef RELEASE_OR_BETA
pref("security.ssl3.rsa_des_ede3_sha", true);
+#else
+pref("security.ssl3.rsa_des_ede3_sha", false);
+#endif
pref("security.content.signature.root_hash",
"97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E");
pref("security.default_personal_cert", "Ask Every Time");
pref("security.remember_cert_checkbox_default_setting", true);
pref("security.ask_for_password", 0);
pref("security.password_lifetime", 30);