X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/4f9b63759c3973ae4e4d149e5b5c8be54e5fe308..426f88e4358468dbaa352171dbc1ff4ff336771f:/README.md?ds=sidebyside diff --git a/README.md b/README.md index 7152523..089b93c 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. @@ -690,6 +691,69 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisabledCiphers +Disable specific cryptographic ciphers. + +**Compatibility:** Firefox 68.8, Firefox ESR 76\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0 +``` +#### macOS +``` + + DisabledCiphers + + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_DHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + | + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + | + TLS_RSA_WITH_AES_128_CBC_SHA + | + TLS_RSA_WITH_AES_256_CBC_SHA + | + TLS_RSA_WITH_3DES_EDE_CBC_SHA + | + + +``` +#### policies.json +``` +{ + "policies": { + "DisabledCiphers" { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false + } + } +} +``` ### DisableDefaultBrowserAgent Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.