X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/994ae6deeabeca8bbdb5a8a6305342d197ce42fc..f9fbb1dc69894a0baa791b78750f988c5603c2b9:/README.md?ds=sidebyside
diff --git a/README.md b/README.md
index 5791604..089b93c 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
+| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
| **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
| **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
@@ -690,6 +691,69 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
}
}
```
+### DisabledCiphers
+Disable specific cryptographic ciphers.
+
+**Compatibility:** Firefox 68.8, Firefox ESR 76\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
+```
+#### macOS
+```
+
+ DisabledCiphers
+
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ |
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ |
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ |
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ |
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ |
+ TLS_RSA_WITH_AES_128_CBC_SHA
+ |
+ TLS_RSA_WITH_AES_256_CBC_SHA
+ |
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisabledCiphers" {
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false
+ }
+ }
+}
+```
### DisableDefaultBrowserAgent
Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms donât have the agent.
@@ -2117,9 +2181,11 @@ Set permissions associated with camera, microphone, location, notifications, and
`Locked` prevents the user from changing preferences for the feature.
-**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\
+`Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
+
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`
+**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`
#### Windows (GPO)
```
@@ -2142,6 +2208,8 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
```
#### macOS
```
@@ -2160,9 +2228,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl
https://example.edu
BlockNewRequests
-
+ |
Locked
-
+ |
Microphone
@@ -2175,9 +2243,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl
https://example.edu
BlockNewRequests
-
+ |
Locked
-
+ |
Location
@@ -2190,9 +2258,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl
https://example.edu
BlockNewRequests
-
+ |
Locked
-
+ |
Notifications
@@ -2219,6 +2287,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl
https://example.edu
+ Default
+ allow-audio-video | block-audio | block-audio-video
+ Locked
+ |
@@ -2254,7 +2326,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl
},
"Autoplay": {
"Allow": ["https://example.org"],
- "Block": ["https://example.edu"]
+ "Block": ["https://example.edu"],
+ "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
+ "Locked": true | false
}
}
}
@@ -2408,7 +2482,7 @@ disabled
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
| security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, mixed active content (HTTP and HTTPS) is not blocked.
-| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false
+| security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
| If true, client certificates are loaded from the operating system certificate store.
| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, SSL errors cannot be sent to Mozilla.