Bug 1305902 - Enable public key pinning in Seamonkey. r=frg a=frg
authorIan Neal <iann_cvs@blueyonder.co.uk>
Sat, 28 Sep 2019 18:13:12 +0200
changeset 32311 1aa55d01c39693487899ccc544ea94c401b892e0
parent 32310 da2c74f5383834a99773d54b0246e1b8c3972583
child 32312 9c857eef5a5b1ce89a6da3442b7fffd369879168
push id219
push userfrgrahl@gmx.net
push dateSat, 28 Sep 2019 16:19:15 +0000
treeherdercomm-esr60@5c0d3f86a9a6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfrg, frg
Bug 1305902 - Enable public key pinning in Seamonkey. r=frg a=frg
--- a/suite/browser/browser-prefs.js
+++ b/suite/browser/browser-prefs.js
@@ -825,16 +825,18 @@ pref("security.warn_leaving_secure", fal
 pref("security.warn_submit_insecure", false);
 pref("security.warn_viewing_mixed", false);
 pref("security.warn_mixed_active_content", true);
 pref("security.warn_mixed_display_content", true);
 // Block insecure active content on https pages
 pref("security.mixed_content.block_active_content", true);
 // Turn on the CSP 1.0 parser for Content Security Policy headers
 pref("security.csp.speccompliant", true);
+// 1 = allow MITM for certificate pinning checks.
+pref("security.cert_pinning.enforcement_level", 1);
 pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%");
 // Some of these prefs are specified even though they may be redundant; they are given
 // here for clarity and end-user experiments with platform-provided geolocation.
 #ifdef XP_MACOSX
 pref("geo.provider.use_corelocation", false);