librewolf-bot/settings
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

change crl mode, hide promo in pb mode

Browse source
This commit is contained in:
fxbrit 2022-05-03 19:59:11 +02:00
parent e84fc950bf
commit fc84f74d45
2 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
docs/Changelog.md
View file

@ -1,6 +1,26 @@
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
# 6.4
**target commit**:
**base librewolf version**: 100.x
**References**:
- hide Firefox Focus promo in private tabs.
- double checking revoked certificates with both CRL and OCSP allows to detect false positives and it is also [the default](https://hg.mozilla.org/mozilla-central/rev/a6ba7b4ee178) in v99+.
#### Added preferences
```
lockPref("browser.promo.focus.enabled", false);
```
#### Changed preferences
```
defaultPref("security.pki.crlite_mode", 3); // prev 2
```
# 6.3 # 6.3
**target commit**: **target commit**:

7
librewolf.cfg
View file

@ -6,7 +6,7 @@
* *
* WARNING: please make sure the first line of this file is empty. this is a known bug. * WARNING: please make sure the first line of this file is empty. this is a known bug.
*/ */
defaultPref("librewolf.cfg.version", "6.3"); defaultPref("librewolf.cfg.version", "6.4");
/** INDEX /** INDEX
@ -208,10 +208,10 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
* our strategy with revocation is to perform all possible checks with CRL, but when a cert * our strategy with revocation is to perform all possible checks with CRL, but when a cert
* cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
* increase security. * increase security.
* switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP. * crlite is in mode 3 by default, which allows us to detect false positive with OCSP.
*/ */
defaultPref("security.remote_settings.crlite_filters.enabled", true); defaultPref("security.remote_settings.crlite_filters.enabled", true);
defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks defaultPref("security.pki.crlite_mode", 3); // default
defaultPref("security.OCSP.enabled", 1); // default defaultPref("security.OCSP.enabled", 1); // default
defaultPref("security.OCSP.require", true); // set to hard-fail defaultPref("security.OCSP.require", true); // set to hard-fail
@ -472,6 +472,7 @@ lockPref("browser.contentblocking.report.hide_vpn_banner", true);
lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false);
lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.contentblocking.report.show_mobile_app", false);
lockPref("browser.vpn_promo.enabled", false); lockPref("browser.vpn_promo.enabled", false);
lockPref("browser.promo.focus.enabled", false);
// ...about:addons recommendations sections and more // ...about:addons recommendations sections and more
defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
defaultPref("extensions.getAddons.showPane", false); defaultPref("extensions.getAddons.showPane", false);