diff options
Diffstat (limited to 'netwerk/base')
-rw-r--r-- | netwerk/base/security-prefs.js | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 329a4c6b7..5351d7c04 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -111,6 +111,17 @@ pref("security.ssl.errorReporting.enabled", true); pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/"); pref("security.ssl.errorReporting.automatic", false); +// OCSP must-staple +pref("security.ssl.enable_ocsp_must_staple", true); + +// HPKP settings + +// Enable pinning checks by default. +pref("security.cert_pinning.enforcement_level", 2); +// Do not process hpkp headers rooted by not built in roots by default. +// This is to prevent accidental pinning from MITM devices and is used +// for tests. +pref("security.cert_pinning.process_headers_from_non_builtin_roots", false); // Impose a maximum age on HPKP headers, to avoid sites getting permanently // blacking themselves out by setting a bad pin. (60 days by default) // https://tools.ietf.org/html/rfc7469#section-4.1 |