X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/994ae6deeabeca8bbdb5a8a6305342d197ce42fc..f9fbb1dc69894a0baa791b78750f988c5603c2b9:/README.md?ds=inline diff --git a/README.md b/README.md index 5791604..089b93c 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. @@ -690,6 +691,69 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisabledCiphers +Disable specific cryptographic ciphers. + +**Compatibility:** Firefox 68.8, Firefox ESR 76\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0 +``` +#### macOS +``` + + DisabledCiphers + + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_DHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + | + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + | + TLS_RSA_WITH_AES_128_CBC_SHA + | + TLS_RSA_WITH_AES_256_CBC_SHA + | + TLS_RSA_WITH_3DES_EDE_CBC_SHA + | + + +``` +#### policies.json +``` +{ + "policies": { + "DisabledCiphers" { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false + } + } +} +``` ### DisableDefaultBrowserAgent Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent. @@ -2117,9 +2181,11 @@ Set permissions associated with camera, microphone, location, notifications, and `Locked` prevents the user from changing preferences for the feature. -**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\ +`Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68. + +**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification` +**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default` #### Windows (GPO) ``` @@ -2142,6 +2208,8 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video" +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0 ``` #### macOS ``` @@ -2160,9 +2228,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Microphone @@ -2175,9 +2243,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Location @@ -2190,9 +2258,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Notifications @@ -2219,6 +2287,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu + Default + allow-audio-video | block-audio | block-audio-video + Locked + | @@ -2254,7 +2326,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl }, "Autoplay": { "Allow": ["https://example.org"], - "Block": ["https://example.edu"] + "Block": ["https://example.edu"], + "Default": "allow-audio-video" | "block-audio" | "block-audio-video", + "Locked": true | false } } } @@ -2408,7 +2482,7 @@ disabled |     If set to Select Automatically, Firefox automatically chooses the default personal certificate. | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true |     If false, mixed active content (HTTP and HTTPS) is not blocked. -| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false +| security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false |     If true, client certificates are loaded from the operating system certificate store. | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, SSL errors cannot be sent to Mozilla.