From fc84f74d45f4a0c77cf1526558ff95f915f1bb43 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 3 May 2022 19:59:11 +0200 Subject: [PATCH] change crl mode, hide promo in pb mode --- docs/Changelog.md | 20 ++++++++++++++++++++ librewolf.cfg | 7 ++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 7c1e549..9852f64 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -1,6 +1,26 @@ This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. +# 6.4 + +**target commit**: + +**base librewolf version**: 100.x + +**References**: +- hide Firefox Focus promo in private tabs. +- double checking revoked certificates with both CRL and OCSP allows to detect false positives and it is also [the default](https://hg.mozilla.org/mozilla-central/rev/a6ba7b4ee178) in v99+. + +#### Added preferences +``` +lockPref("browser.promo.focus.enabled", false); +``` + +#### Changed preferences +``` +defaultPref("security.pki.crlite_mode", 3); // prev 2 +``` + # 6.3 **target commit**: diff --git a/librewolf.cfg b/librewolf.cfg index e571abe..c3e2bb9 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -6,7 +6,7 @@ * * WARNING: please make sure the first line of this file is empty. this is a known bug. */ -defaultPref("librewolf.cfg.version", "6.3"); +defaultPref("librewolf.cfg.version", "6.4"); /** INDEX @@ -208,10 +208,10 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); * our strategy with revocation is to perform all possible checks with CRL, but when a cert * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * increase security. - * switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP. + * crlite is in mode 3 by default, which allows us to detect false positive with OCSP. */ defaultPref("security.remote_settings.crlite_filters.enabled", true); -defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks +defaultPref("security.pki.crlite_mode", 3); // default defaultPref("security.OCSP.enabled", 1); // default defaultPref("security.OCSP.require", true); // set to hard-fail @@ -472,6 +472,7 @@ lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.vpn_promo.enabled", false); +lockPref("browser.promo.focus.enabled", false); // ...about:addons recommendations sections and more defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); defaultPref("extensions.getAddons.showPane", false);