From a5a458a3f47cc7d4d7b3a4128b5cbe8e79eab5e9 Mon Sep 17 00:00:00 2001
From: oneflux <oneflux@riseup.net>
Date: Mon, 21 Apr 2025 18:32:43 -0700
Subject: [PATCH] disable weak ciphers

---
 settings/camoufox.cfg | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/settings/camoufox.cfg b/settings/camoufox.cfg
index 5c1afca..5a7e184 100644
--- a/settings/camoufox.cfg
+++ b/settings/camoufox.cfg
@@ -665,4 +665,14 @@ defaultPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", tr
 defaultPref("dom.ipc.keepProcessesAlive.web", 0);
 
 // Just in case
-defaultPref("javascript.options.wasm_shared_memory", false);
\ No newline at end of file
+defaultPref("javascript.options.wasm_shared_memory", false);
+
+// Disable TLS 1.0 and 1.1
+user_pref("security.tls.version.min", 3); // 3 = TLS 1.2
+user_pref("security.tls.version.max", 4); // 4 = TLS 1.3
+
+// Disable weak ciphers
+user_pref("security.ssl3.rsa_rc4_128_sha", false);
+user_pref("security.ssl3.rsa_des_ede3_sha", false);
+user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
\ No newline at end of file