Privacy Issue #2932

Updated by bill-auger over 3 years ago

Insecure connections have been dead for a long time, but browsers for some reason are too slow to even use a warning on them.

Consider switching the following config prefs in hardened preferences:

* security.tls.version.min
* security.mixed_content.upgrade_display_content
* browser.preferences.exposeHTTPSOnly
* dom.security.https_only_mode
* dom.security.https_only_mode_ever_enabled
* security.insecure_connection_text.enabled

* `security.tls.version.min` to 3 (anything older than TLS 1.2 should be disabled; re-enabled because of stupid government system administrators, should never happen)
* `security.mixed_content.upgrade_display_content` (upgrade mixed "content")
* `browser.preferences.exposeHTTPSOnly` (enable HTTPS-only display, might be unnecessary on Firefox 83 release)
* `dom.security.https_only_mode` and `dom.security.https_only_mode_ever_enabled` to force HTTPS-only mode
* `security.insecure_connection_text.enabled` text for insecure connections.
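
As an added example (not part of the original issue or the project's code), a small Python audit that checks the text of a `user.js` or `prefs.js` file against the prefs listed above. The target value 3 for `security.tls.version.min` is from the issue; treating the other prefs as `true` is an assumption, and `SAMPLE` is constructed input.

```python
import re

# TLS floor 3 is from the issue; True for the other prefs is an assumption.
HARDENED = {
    "security.tls.version.min": 3,
    "security.mixed_content.upgrade_display_content": True,
    "browser.preferences.exposeHTTPSOnly": True,
    "dom.security.https_only_mode": True,
    "dom.security.https_only_mode_ever_enabled": True,
    "security.insecure_connection_text.enabled": True,
}
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# Constructed sample user.js, not taken from any real profile.
SAMPLE = '''
user_pref("security.tls.version.min", 1);
user_pref("dom.security.https_only_mode", true);
user_pref("security.tls.version.min", 2);  // later line overrides the first
user_pref("security.insecure_connection_text.enabled", false);
// user_pref("dom.security.https_only_mode_ever_enabled", true);
'''

def parse_prefs(text):
    """Return {name: value}; a later line for the same pref wins."""
    prefs = {}
    for m in PREF_RE.finditer(text):  # commented-out prefs do not match
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if re.fullmatch(r"-?\d+", raw) else raw.strip('"')
    return prefs

def audit(text):
    """Map each hardened pref to ("ok" | "weak" | "missing", found value)."""
    prefs, report = parse_prefs(text), {}
    for name, want in HARDENED.items():
        got = prefs.get(name)
        if got is None:
            report[name] = ("missing", None)
        elif want is True:
            report[name] = ("ok" if got is True else "weak", got)
        else:  # integer floor: a stricter (higher) minimum also passes
            report[name] = ("ok" if type(got) is int and got >= want else "weak", got)
    return report

if __name__ == "__main__":
    for name, (status, got) in audit(SAMPLE).items():
        print(f"{status:8} {name} = {got!r}")
```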
