summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGaming4JC <g4jc@hyperbola.info>2019-05-31 21:33:21 -0400
committerGaming4JC <g4jc@hyperbola.info>2019-05-31 21:33:21 -0400
commit15c1341ea2c364138d042831fe6263469cadce1b (patch)
tree891685a3667a687459044cb887935d8b08f5d971
parent855fd1dfe369303a055e02b9188e602b1f9ed9ac (diff)
downloadiceweasel-uxp-15c1341ea2c364138d042831fe6263469cadce1b.tar.gz
Set Strict Pinning Enforcement Level
-rw-r--r--app/profile/iceweasel-uxp.js9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/profile/iceweasel-uxp.js b/app/profile/iceweasel-uxp.js
index 5600495..30eb213 100644
--- a/app/profile/iceweasel-uxp.js
+++ b/app/profile/iceweasel-uxp.js
@@ -1052,8 +1052,13 @@ pref("security.insecure_password.ui.enabled", true);
// Show in-content login form warning UI for insecure login fields
pref("security.insecure_field_warning.contextual.enabled", true);
-// 1 = allow MITM for certificate pinning checks.
-pref("security.cert_pinning.enforcement_level", 1);
+// Set Strict Pinning Enforcement Level
+// 0. Pinning disabled
+// 1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)
+// 2. Strict. Pinning is always enforced.
+// 3. Enforce test mode.
+// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
+pref("security.cert_pinning.enforcement_level", 2);
// Override the Gecko-default value of false for Firefox.