Re: Disable certain ciphers and hashing algorithms while building FF and TB

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Disable certain ciphers and hashing algorithms while building FF and TB

Mozilla - Security mailing list
On Tuesday, January 23, 2018 at 9:39:46 AM UTC+5, f masood wrote:

> 1 I am building Mozilla Firefox and Mozilla Thunderbird 52 versions from source code.
>
> 2 By default all the ciphers and hashing algorithms are enabled while building those two applications.
>
> 3 How can I disable certain ciphers and hashing algos while building these two applications ? Can I specify in the CONF file or something ?
>
> 4 e.g I want to disable ALL other ciphers just one AES to be enabled
> I want to disable ALL other hashing algorithms just one SHA256 to be enabled
>
> (I know the above can have issues while communicating with major websites/email server)

PING !!!
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
Reply | Threaded
Open this post in threaded view
|

Re: Disable certain ciphers and hashing algorithms while building FF and TB

Hubert Kario
On Tuesday, 13 March 2018 11:15:18 CEST f masood via dev-security wrote:

> On Tuesday, January 23, 2018 at 9:39:46 AM UTC+5, f masood wrote:
> > 1 I am building Mozilla Firefox and Mozilla Thunderbird 52 versions from
> > source code.
> >
> > 2 By default all the ciphers and hashing algorithms are enabled while
> > building those two applications.
> >
> > 3 How can I disable certain ciphers and hashing algos while building these
> > two applications ? Can I specify in the CONF file or something ?
> >
> > 4 e.g I want to disable ALL other ciphers just one AES to be enabled
> > I want to disable ALL other hashing algorithms just one SHA256 to be
> > enabled
> >
> > (I know the above can have issues while communicating with major
> > websites/email server)
> PING !!!
not when building, but you can do it at runtime using the policy mechanism
used by Fedora:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
https://fedoraproject.org/wiki/Changes/CryptoPolicy

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security

signature.asc (849 bytes) Download Attachment