Re: Disable certain ciphers and hashing algorithms while building FF and TB

2018-06-29 Thread Hubert Kario
On Tuesday, 13 March 2018 11:15:18 CEST f masood via dev-security wrote:
> On Tuesday, January 23, 2018 at 9:39:46 AM UTC+5, f masood wrote:
> > 1 I am building Mozilla Firefox and Mozilla Thunderbird 52 versions from
> > source code.
> > 
> > 2 By default all the ciphers and hashing algorithms are enabled while
> > building those two applications.
> > 
> > 3 How can I disable certain ciphers and hashing algos while building these
> > two applications ? Can I specify in the CONF file or something ?
> > 
> > 4 e.g I want to disable ALL other ciphers just one AES to be enabled
> > I want to disable ALL other hashing algorithms just one SHA256 to be
> > enabled
> > 
> > (I know the above can have issues while communicating with major
> > websites/email server)
> PING !!!

not when building, but you can do it at runtime using the policy mechanism 
used by Fedora:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
https://fedoraproject.org/wiki/Changes/CryptoPolicy

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

signature.asc
Description: This is a digitally signed message part.
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security


Re: Disable certain ciphers and hashing algorithms while building FF and TB

2018-03-13 Thread f masood via dev-security
On Tuesday, January 23, 2018 at 9:39:46 AM UTC+5, f masood wrote:
> 1 I am building Mozilla Firefox and Mozilla Thunderbird 52 versions from 
> source code.
> 
> 2 By default all the ciphers and hashing algorithms are enabled while 
> building those two applications.
> 
> 3 How can I disable certain ciphers and hashing algos while building these 
> two applications ? Can I specify in the CONF file or something ?
> 
> 4 e.g I want to disable ALL other ciphers just one AES to be enabled
> I want to disable ALL other hashing algorithms just one SHA256 to be enabled
> 
> (I know the above can have issues while communicating with major 
> websites/email server)

PING !!!
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security