Skip to content
Firefox administrator reference

DisabledCiphers

Disable specific cryptographic ciphers.

Compatibility: Firefox 76, Firefox ESR 68.8
CCK2 Equivalent: N/A
Preferences Affected: security.ssl3.ecdhe_rsa_aes_128_gcm_sha256, security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256, security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256, security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256, security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384, security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, security.ssl3.ecdhe_rsa_aes_128_sha, security.ssl3.ecdhe_ecdsa_aes_128_sha, security.ssl3.ecdhe_rsa_aes_256_sha, security.ssl3.ecdhe_ecdsa_aes_256_sha, security.ssl3.dhe_rsa_aes_128_sha, security.ssl3.dhe_rsa_aes_256_sha, security.ssl3.rsa_aes_128_gcm_sha256, security.ssl3.rsa_aes_256_gcm_sha384, security.ssl3.rsa_aes_128_sha, security.ssl3.rsa_aes_256_sha, security.ssl3.deprecated.rsa_des_ede3_sha, security.tls13.chacha20_poly1305_sha256, security.tls13.aes_128_gcm_sha256, security.tls13.aes_256_gcm_sha384

Values

Section titled “Values”

The following cryptographic cyphers are configurable as CIPHER_NAME:

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (Firefox 78)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (Firefox 78)
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (Firefox 97 and Firefox ESR 91.6)
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Firefox 97 and Firefox ESR 91.6)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (Firefox 97 and Firefox ESR 91.6)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Firefox 97 and Firefox ESR 91.6)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (Firefox 97 and Firefox ESR 91.6)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (Firefox 97 and Firefox ESR 91.6)
  • TLS_CHACHA20_POLY1305_SHA256 (Firefox 138, Firefox ESR 128.10)
  • TLS_AES_128_GCM_SHA256 (Firefox 138, Firefox ESR 128.10)
  • TLS_AES_256_GCM_SHA384 (Firefox 138, Firefox ESR 128.10)

Windows (GPO)

Section titled “Windows (GPO)”
Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0

Windows (Intune)

Section titled “Windows (Intune)”

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME

Value (string):

<enabled/> or <disabled/>

macOS

Section titled “macOS”
<dict>
  <key>DisabledCiphers</key>
    <dict>
      <key>CIPHER_NAME</key>
      <true/> | <false/>
    </dict>
</dict>

policies.json

Section titled “policies.json”
{
  "policies": {
    "DisabledCiphers": {
      "CIPHER_NAME": true | false,
    }
  }
}