improve documenting of crl and ocsp

fxbrit 2022-03-07 12:01:19 +01:00 committed by fabrizio
parent 7c52bbde49
commit 47bdeaae86


@ -201,6 +201,8 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/** /**
* our strategy with revocation is to disable OCSP as it is slower and less privacy minded, and to use * our strategy with revocation is to disable OCSP as it is slower and less privacy minded, and to use
* CRL instead, particularly the CRLite solution with no OCSP fallback. * CRL instead, particularly the CRLite solution with no OCSP fallback.
* switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP. this would require
* enabling OCSP and setting it to hard-fail. OCSP is stapled by default.
*/ */
defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
defaultPref("security.remote_settings.crlite_filters.enabled", true); defaultPref("security.remote_settings.crlite_filters.enabled", true);
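Review bot: The two added comment lines do not say which prefs they refer to, and "OCSP is stapled by default" is ambiguous next to `security.OCSP.enabled` being 0, since a reader cannot tell whether stapled responses are still validated. I would name the prefs, for example `* crlite mode 3 (security.pki.crlite_mode, v99+) would confirm CRLite revocations via OCSP; it needs security.OCSP.enabled = 1 and security.OCSP.require = true.` and, if that is the intent, `* stapled responses (security.ssl.enable_ocsp_stapling) are still checked while fetching is disabled.` It would also help to state the trade-off of "no OCSP fallback": certificates not covered by the CRLite filters presumably get no revocation check beyond a stapled response. The CRLite mode itself is not set inside this hunk, so the comment cannot be checked against the configured value from here.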