enforce stronger ciphers in torbirdy
The last RFC from 2015 regarding TLS (https://www.rfc-editor.org/rfc/rfc7525.txt) makes recommendations regarding the use of ciphers; these ciphers are just included in TLS v. 1.2.

   4.2. Recommended Cipher Suites

   Given the foregoing considerations, implementation and deployment of the following cipher suites is RECOMMENDED:

   o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
   o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

   These cipher suites are supported only in TLS 1.2 because they are authenticated encryption (AEAD) algorithms [RFC5116].
Maybe it's a good idea for torbirdy to enforce stronger ciphers and TLS v 1.2 (TLS v 1.1 was published in 2006 and TLS v 1.2 was published in 2008) and only to allow weaker ciphers if the user deliberately changes the setting (e.g. in "Torbirdy Preferences", checkbox "Allow weak ciphers and TLS downgrade"). Especially because torbirdy users always face the risk of a malicious exit node that might try a downgrade attack. And if an email provider in late 2016 still doesn't support the IETF recommendations from 2016 (RFC 7525), maybe it's just not a good idea to use them with torbirdy (by specifically enabling weaker settings, by checking a box, the user should know that it's not the best idea to use this email provider any longer).
Therefore I recommend the following tls/tls-settings for torbirdy's next release. (I took them from this German site: https://privacy-handbuch.de/handbuch_31k.htm)
security.tls.version.min = 3 //enforce tls v 1.2
security.ssl3.* false
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true

//prevent insecure renegotiation
security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken true

//strict key pinning [1]
security.cert_pinning.enforcement_level 2
[1] https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
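
An added example, not part of the ticket or of TorBirdy's code: a small Python audit that checks a Thunderbird user.js/prefs.js against the settings proposed above. The sample file is constructed, and the script only sees prefs written in the file; a pref that is absent keeps the application's default, so unwanted suites have to be disabled explicitly.

```python
import re

# Policy: the values proposed in the ticket above.
ALLOWED_SUITES = {
    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
    "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
}
REQUIRED = {
    "security.tls.version.min": 3,
    "security.ssl.require_safe_negotiation": True,
    "security.ssl.treat_unsafe_negotiation_as_broken": True,
    "security.cert_pinning.enforcement_level": 2,
}
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """Return findings; an empty list means the file matches the policy."""
    findings = []
    for name, want in REQUIRED.items():
        if prefs.get(name) != want:
            findings.append(f"{name}: expected {want}, found {prefs.get(name)}")
    for name, value in sorted(prefs.items()):
        if name.startswith("security.ssl3.") and value is True and name not in ALLOWED_SUITES:
            findings.append(f"{name}: enabled but not on the allowlist")
    for name in sorted(ALLOWED_SUITES):
        if prefs.get(name) is not True:
            findings.append(f"{name}: allowlisted suite is not enabled")
    return findings

SAMPLE = '''// constructed sample user.js, not taken from a real profile
user_pref("security.tls.version.min", 1);
user_pref("security.ssl3.rsa_des_ede3_sha", true);
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
'''

if __name__ == "__main__":
    print("\n".join(audit(parse_prefs(SAMPLE))))
```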