From: Michael Kaply <345868+mkaply@users.noreply.github.com> Date: Tue, 5 Sep 2023 16:34:40 +0000 (-0400) Subject: Add documentation for security.ssl.require_safe_negotiation X-Git-Tag: v5.3~7 X-Git-Url: https://git.p6c8.net/policy-templates.git/commitdiff_plain/97ad8d5b4807ae93b27b5ad63778664e1f9352e6?ds=sidebyside;hp=--cc Add documentation for security.ssl.require_safe_negotiation --- 97ad8d5b4807ae93b27b5ad63778664e1f9352e6 diff --git a/docs/index.md b/docs/index.md index a8304cb..8fd1d59 100644 --- a/docs/index.md +++ b/docs/index.md @@ -4541,21 +4541,23 @@ as well as the following security preferences: | security.osclientcerts.autoload | boolean | false |     If true, client certificates are loaded from the operating system certificate store. | security.OCSP.enabled | integer | 1 -|     If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates +|     If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates. | security.OCSP.require | boolean | false |      If true, if an OCSP request times out, the connection fails. | security.osclientcerts.assume_rsa_pss_support | boolean | true -|      If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12). +|      If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12) | security.ssl.enable_ocsp_stapling | boolean | true |      If false, OCSP stapling is not enabled. | security.ssl.errorReporting.enabled | boolean | true |     If false, SSL errors cannot be sent to Mozilla. +| security.ssl.require_safe_negotiation | boolean | false +|     If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3) | security.tls.enable_0rtt_data | boolean | true -|     If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15). +|     If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15) | security.tls.hello_downgrade_check | boolean | true |     If false, the TLS 1.3 downgrade check is disabled. | security.tls.version.enable-deprecated | boolean | false -|     If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8). +|     If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8) | security.warn_submit_secure_to_insecure | boolean | true |     If false, no warning is shown when submitting a form from https to http.