Yes for Firefox ESR 68 and newer.
https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps
-Original Message-
From: Enterprise On Behalf Of James M. Pulver
Sent: Wednesday, February 26, 2020 8:02 AM
To: enterprise@mozilla.org
Subject: [Mozilla Enterprise] Disable
Where did you get this recommendation?
Mike
On Tue, Feb 18, 2020 at 3:18 PM Eddie Rowe
wrote:
> // 4.6 (L2) Set OCSP Response Policy
>
> defaultPref("security.OCSP.require", true);
>
>
>
> I have enabled this setting in ESR 68.4 x64 and many sites such as Google
> and even Mozilla just do not
I just released it.
https://github.com/mozilla/policy-templates/releases/tag/v1.13
Mike
On Wed, Feb 26, 2020 at 10:38 AM Mike Kaply wrote:
> Yes some very minor changes. I'll get the update out today.
>
> Mike
>
> On Wed, Feb 26, 2020, 10:37 AM Kahle, Markus <
>
Yes, I am following the guidance of a security baseline and setting this to
true. I guess I was thinking that OCSP stapling support would be broad enough
by now that we should not have issues. I think we are left with no option but
to turn this feature off. I was hoping I had overlooked
Yes, there will still be the ability to override via the preferences. In
addition, for a release or two, we'll provide a manual downgrade on the
error page.
Mike
On Fri, Feb 21, 2020 at 10:54 AM Houle, Todd - 1120 - MITLL <
todd.ho...@ll.mit.edu> wrote:
> HI all –
>
> I know TLS support will be
Is there a policy yet for ESR to disable DoH?
--
James Pulver
CLASSE Computer Group
Cornell University
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit
The Center for Internet Security publishes a number of security baselines.
Firefox’s baseline is very old and does not appear to be updated so I took the
older ESR version and looked at Policies and settings to come with my own newer
version.
“4.6 (L2) Set OCSP Response Policy (Scored)
Hello, these plans have been announced quite a while ago and across browser
vendors:
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/
https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
Good Morning,
What is the plan for Mozilla to stop supporting TLS 1.0 and 1.1. I'm hearing
rumors about it possibly could be in March? I believe we have several servers
that still has to support TLS 1.0.
Justin Anderson
Software Engineer
CACI
___
Hi,
Mike Kaply answered my question to OCSP setting before so I guess you should
not use it.
12. November 2019 17:37
Re: [Mozilla Enterprise] security.OCSP.require
FYI, on discussion with my team, there are lots of problems with OCSP. I assume
you're setting it to true?
It can cause
10 matches
Mail list logo
