aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/firefox
diff options
context:
space:
mode:
authorLibravatar sommerfeld <sommerfeld@sommerfeld.dev>2024-07-24 23:01:43 +0100
committerLibravatar sommerfeld <sommerfeld@sommerfeld.dev>2024-07-24 23:01:43 +0100
commitb2bd1ab0d70b95608732e7a666083fa709b5ca0f (patch)
treedfa0ebd486fe62f7087adbb3bc84de24cac6ce79 /firefox
parent33a5b12034e2c55745c6cde7531aa90c1420792f (diff)
downloaddotfiles-master.tar.gz
dotfiles-master.tar.bz2
dotfiles-master.zip
[LW] Remove OCSP soft-failHEADmaster
Diffstat (limited to 'firefox')
-rw-r--r--firefox/user-overrides.js10
1 files changed, 0 insertions, 10 deletions
diff --git a/firefox/user-overrides.js b/firefox/user-overrides.js
index 514bcb9..9e02248 100644
--- a/firefox/user-overrides.js
+++ b/firefox/user-overrides.js
@@ -75,14 +75,4 @@ user_pref("privacy.resistFingerprinting.testGranularityMask", 4);
* [1] https://bugzilla.mozilla.org/1635603 ***/
user_pref("privacy.resistFingerprinting.exemptedDomains", "meet.google.com");
-/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
- * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
- * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
- * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
- * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
- * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
- * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
- * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
-user_pref("security.OCSP.require", false);
-
user_pref("browser.fixup.domainsuffixwhitelist.i2p", true);