From c4d7cbf4eeee3cead0afbed6a5ac8e0f19ecc399 Mon Sep 17 00:00:00 2001
From: Shreyas Minocha <sm-git@riseup.net>
Date: Mon, 29 Jun 2020 15:27:10 +0530
Subject: [PATCH] Increase minimum TLS version to TLS 1.2

This is in line with ghacksuserjs's current recommendation.
---
 librewolf.cfg | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/librewolf.cfg b/librewolf.cfg
index eee5524..2cd6532 100644
--- a/librewolf.cfg
+++ b/librewolf.cfg
@@ -1255,10 +1255,11 @@ defaultPref("network.dns.localDomains", "librefox.com");
 // https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
 lockPref("security.tls.version.fallback-limit", 3);
 
-// Pref : Only allow TLS 1.[0-3]
+// Pref : Only allow TLS 1.2+
 // http://kb.mozillazine.org/Security.tls.version.*
-lockPref("security.tls.version.min", 2);
+lockPref("security.tls.version.min", 3);
 
+// enforce TLS 1.0 and 1.1 downgrades as session only
 lockPref("security.tls.version.enable-deprecated", false);
 
 // Pref : Enfore Public Key Pinning