Xulrunner for Debian
====================

Weak SSL
--------

From version 1.8.0.1-11 onwards, SSLv2 and SSLv3 40-bit ciphers are disabled
due to their weakness. If your xulrunner or embedding application provides a
way to alert the user about the weakness of the cipher in use, while still
allowing the user to use it, you may re-enable them in your application
preferences.

The preferences to re-enable them are the following:
pref("security.enable_ssl2", true);
pref("security.ssl3.rsa_rc4_40_md5", true);
pref("security.ssl3.rsa_rc2_40_md5", true);

 -- Mike Hommey <glandium@debian.org>  Sat, 20 May 2006 11:03:22 +0200