Set Strict Pinning Enforcement Level

author: Gaming4JC <g4jc@hyperbola.info> 2019-05-31 21:33:21 -0400
committer: Gaming4JC <g4jc@hyperbola.info> 2019-05-31 21:33:21 -0400
commit: 15c1341ea2c364138d042831fe6263469cadce1b (patch)
tree: 891685a3667a687459044cb887935d8b08f5d971 /app
parent: 855fd1dfe369303a055e02b9188e602b1f9ed9ac (diff)
download: iceweasel-uxp-15c1341ea2c364138d042831fe6263469cadce1b.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/app/profile/iceweasel-uxp.js b/app/profile/iceweasel-uxp.js
index 5600495..30eb213 100644
--- a/app/profile/iceweasel-uxp.js
+++ b/app/profile/iceweasel-uxp.js
@@ -1052,8 +1052,13 @@ pref("security.insecure_password.ui.enabled", true);
 // Show in-content login form warning UI for insecure login fields
 pref("security.insecure_field_warning.contextual.enabled", true);
 
-// 1 = allow MITM for certificate pinning checks.
-pref("security.cert_pinning.enforcement_level", 1);
+// Set Strict Pinning Enforcement Level 
+//    0. Pinning disabled
+//    1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)
+//    2. Strict. Pinning is always enforced.
+//    3. Enforce test mode.
+// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
+pref("security.cert_pinning.enforcement_level", 2);
 
 
 // Override the Gecko-default value of false for Firefox.
author	Gaming4JC <g4jc@hyperbola.info>	2019-05-31 21:33:21 -0400
committer	Gaming4JC <g4jc@hyperbola.info>	2019-05-31 21:33:21 -0400
commit	15c1341ea2c364138d042831fe6263469cadce1b (patch)
tree	891685a3667a687459044cb887935d8b08f5d971 /app
parent	855fd1dfe369303a055e02b9188e602b1f9ed9ac (diff)
download	iceweasel-uxp-15c1341ea2c364138d042831fe6263469cadce1b.tar.gz