Bug 1399959 - Prefer hardware instead of software U2F tokens r=keeler
authorJ.C. Jones <jjones@mozilla.com>
Thu, 14 Sep 2017 10:51:20 -0700
changeset 666697 b406b52fd2e315c0faa2e454d1558e58be4e7241
parent 666696 a8b326d7a918386e14077be9b5f8b27463a5c8f4
child 666698 18b7334918f0c1bfbd1fabd691eb6e3ff4e2a1c7
push id80486
push userbmo:tlin@mozilla.com
push dateTue, 19 Sep 2017 03:52:30 +0000
bugs1399959, 1388851
Bug 1399959 - Prefer hardware instead of software U2F tokens r=keeler Bug 1388851 adds hardware U2F support to Gecko; the instructions to test involve flipping two prefs, but the common case will be using harwdare tokens, so this patch makes users only haave to flip the "security.webauth.u2f" or "security.webauth.webauthn" prefs as they choose. MozReview-Commit-ID: 346120ZI8p4
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -108,20 +108,23 @@ pref("security.pki.netscape_step_up_poli
 pref("security.pki.netscape_step_up_policy", 2);
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
+// Hardware Origin-bound Second Factor Support
 pref("security.webauth.u2f", false);
 pref("security.webauth.webauthn", false);
+// Only one of "enable_softtoken" and "enable_usbtoken" can be true
+// at a time.
 pref("security.webauth.webauthn_enable_softtoken", false);
-pref("security.webauth.webauthn_enable_usbtoken", false);
+pref("security.webauth.webauthn_enable_usbtoken", true);
 pref("security.ssl.errorReporting.enabled", true);
 pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/");
 pref("security.ssl.errorReporting.automatic", false);
 // Impose a maximum age on HPKP headers, to avoid sites getting permanently
 // blacking themselves out by setting a bad pin.  (60 days by default)
 // https://tools.ietf.org/html/rfc7469#section-4.1