X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/88c507b4fd44d77e1f8bc10b410add0181a2a6c3..993e729316b044de2e0e938ab6507b8e5a91380a:/docs/index.md diff --git a/docs/index.md b/docs/index.md index 4c1ddca..67a23bc 100644 --- a/docs/index.md +++ b/docs/index.md @@ -43,6 +43,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. +| **[`DisableEncryptedClientHello`](#disableencryptedclienthello)** | Disable the TLS Feature Encrypted Client Hello (ECH). | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync). | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. @@ -1623,6 +1624,41 @@ Value (string): } } ``` +### DisableEncryptedClientHello +Disable the TLS Feature for Encrypted Client Hello. Note that TLS Client Hellos will still contain an ECH extension, but this extension will not be used by Firefox during the TLS handshake. + +**Compatibility:** Firefox 127, Firefox ESR 128\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.dns.echconfig.enabled`, `network.dns.http3_echconfig.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableEncryptedClientHello = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableEncryptedClientHello +``` +Value (string): +``` + or +``` +#### macOS +``` + + DisableEncryptedClientHello + | + +``` +#### policies.json +``` +{ + "policies": { + "DisableEncryptedClientHello": true | false + } +} +``` ### DisableFirefoxAccounts Disable Firefox Accounts integration (Sync). @@ -2848,6 +2884,7 @@ The configuration for each extension is another dictionary that can contain the | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration. | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension. | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`. +| `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms. **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\ **CCK2 Equivalent:** N/A\ @@ -4719,6 +4756,7 @@ pdfjs. (Firefox 84, Firefox ESR 78.6) places. pref. print. +privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0) privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11) privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11) signon. (Firefox 83, Firefox ESR 78.5) @@ -4744,7 +4782,11 @@ as well as the following security preferences: | security.insecure_connection_text.pbmode.enabled | bool | false |     If set to true, adds the words "Not Secure" for insecure sites in private browsing. | security.mixed_content.block_active_content | boolean | true -|     If false, mixed active content (HTTP and HTTPS) is not blocked. +|     If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked. +| security.mixed_content.block_display_content | boolean | false +|     If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0) +| security.mixed_content.upgrade_display_content | boolean | true +|     If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0) | security.osclientcerts.autoload | boolean | false |     If true, client certificates are loaded from the operating system certificate store. | security.OCSP.enabled | integer | 1