X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/58e224c806e4040f3f87f2eadd11d41e51645429..ffe0c46e275df6117df51030e0461f9eddbc384d:/docs/index.md diff --git a/docs/index.md b/docs/index.md index d0840a8..3cbb173 100644 --- a/docs/index.md +++ b/docs/index.md @@ -4525,6 +4525,7 @@ toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91. ui. widget. xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only) +xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3) ``` as well as the following security preferences: @@ -4541,21 +4542,23 @@ as well as the following security preferences: | security.osclientcerts.autoload | boolean | false |     If true, client certificates are loaded from the operating system certificate store. | security.OCSP.enabled | integer | 1 -|     If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates +|     If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates. | security.OCSP.require | boolean | false |      If true, if an OCSP request times out, the connection fails. | security.osclientcerts.assume_rsa_pss_support | boolean | true -|      If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12). +|      If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12) | security.ssl.enable_ocsp_stapling | boolean | true |      If false, OCSP stapling is not enabled. | security.ssl.errorReporting.enabled | boolean | true |     If false, SSL errors cannot be sent to Mozilla. +| security.ssl.require_safe_negotiation | boolean | false +|     If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3) | security.tls.enable_0rtt_data | boolean | true -|     If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15). +|     If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15) | security.tls.hello_downgrade_check | boolean | true |     If false, the TLS 1.3 downgrade check is disabled. | security.tls.version.enable-deprecated | boolean | false -|     If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8). +|     If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8) | security.warn_submit_secure_to_insecure | boolean | true |     If false, no warning is shown when submitting a form from https to http. @@ -5647,7 +5650,7 @@ Value (string): ``` ### SSLVersionMax -Set and lock the maximum version of TLS. +Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.) **Compatibility:** Firefox 66, Firefox ESR 60.6\ **CCK2 Equivalent:** N/A\ @@ -5685,7 +5688,7 @@ Value (string): ``` ### SSLVersionMin -Set and lock the minimum version of TLS. +Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.) **Compatibility:** Firefox 66, Firefox ESR 60.6\ **CCK2 Equivalent:** N/A\