michel_ouba/FF_arkenfox_user.js
michel_ouba
/
FF_arkenfox_user.js
1
0
Fork 0
Code Releases Activity

1244: CRLite, closes #1065

This commit is contained in:
Thorin-Oakenpants 2020-11-22 18:15:25 +00:00 committed by GitHub
parent 91cbc1e09a
commit cf53982086
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
user.js
View File

@ -717,6 +717,15 @@ user_pref("security.family_safety.mode", 0);
* by inspecting ALL your web traffic, then leave at current default=1
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2);
/* 1224: enforce CRLite [FF73+]
* In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP, see [2]
* [1] https://bugzilla.mozilla.org/1429800 [META]
* [2] https://bugzilla.mozilla.org/1670985
* [3] https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/
* [4] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/
* [5] https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/
/* 1240: enforce no insecure active content on https pages