1
0

1220 security.nocertdb clarify & add warning

This commit is contained in:
Roman-Nopantski 2017-02-23 03:32:09 +13:00 committed by GitHub
parent 49d8b9f6d6
commit 3af7679932

View File

@ -58,6 +58,7 @@
1210: disable 1024-DH Encryption
1211: disable SHA-1
1212: disable SSL session tracking
1220: security.nocertdb
1401 & 1406: browser.display.use_document_fonts <font color=#ff3333>[author blocked fonts]</font>
1404: default fonts <font color=#ff3333>[author changed default fonts]</font>
1805: plugin.scan.plid.all <font color=#ff3333>[author blocked all plugins]</font>
@ -661,8 +662,9 @@ user_pref("security.mixed_content.use_hsts", false);
// recommended left inactive and at default, unless you fully understand the risks and trade-offs
// user_pref("network.stricttransportsecurity.preloadlist", false);
// 1220: disable intermediate certificate caching (fingerprinting attack vector)
// NOTE: This affects login/cert/key dbs. AFAIK the only effect is all active logins start anew
// per session. This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
// NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
// WARNING: This affects login/cert/key dbs You will lose all credentials as they are now
// session-only. To be clear, you will lose all your saved passwords and login user names
// https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9)
// user_pref("security.nocertdb", true); // (hidden pref)