| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
| security.OCSP.enabled | integer | 1
-| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
| security.OCSP.require | boolean | false
| If true, if an OCSP request times out, the connection fails.
| security.osclientcerts.assume_rsa_pss_support | boolean | true
-| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
+| security.ssl.require_safe_negotiation | boolean | false
+| If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
| security.tls.enable_0rtt_data | boolean | true
-| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
+| If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
| security.tls.hello_downgrade_check | boolean | true
| If false, the TLS 1.3 downgrade check is disabled.
| security.tls.version.enable-deprecated | boolean | false
-| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
+| If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
| security.warn_submit_secure_to_insecure | boolean | true
| If false, no warning is shown when submitting a form from https to http.
git.p6c8.net / policy-templates.git / commitdiff