From 7d90bb0cc91031cfb471d17e1b936110dd8e684f Mon Sep 17 00:00:00 2001
From: StarPicard <8884658+StarPicard@users.noreply.github.com>
Date: Fri, 23 Mar 2018 16:17:23 +0100
Subject: [PATCH 1/3] Create https.json First implementation of some https presets. Source: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js#L691
---
 settings/https.json | 59 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 settings/https.json
diff --git a/settings/https.json b/settings/https.json
new file mode 100644
index 0000000..d29c1ef
--- /dev/null
+++ b/settings/https.json
@@ -0,0 +1,59 @@
+[
+ {
+ "name": "https",
+ "type": "choice",
+ "label": "Set https security level",
+ "help_text": null,
+ "choices": [
+ "Ultra",
+ "Strong",
+ "Normal"
+ ],
+ "initial": 2,
+ "addons": [
+ [],
+ [],
+ []
+ ],
+ "config": [
+ {
+ "security.tls.version.min": 3,
+ "security.tls.version.fallback-limit": 3,
+ "security.tls.version.max": 4,
+ "security.ssl.disable_session_identifiers": true,
+ "security.ssl.errorReporting.automatic": false,
+ "security.ssl.errorReporting.enabled": false,
+ "security.ssl.errorReporting.url": "",
+ "security.tls.enable_0rtt_data": false,
+ "security.ssl.enable_ocsp_stapling": true,
+ "security.OCSP.enabled": 1,
+ "security.OCSP.require": true,
+ "security.cert_pinning.enforcement_level": 2,
+ "network.stricttransportsecurity.preloadlist": true,
+ "security.mixed_content.block_active_content": true,
+ "security.mixed_content.block_display_content": true,
+ "security.pki.sha1_enforcement_level": 1,
+ "security.ssl.treat_unsafe_negotiation_as_broken": true,
+ "browser.ssl_override_behavior": 1,
+ "security.insecure_connection_icon.enabled": true,
+ },
+ {
+ "security.tls.version.min": 3,
+ "security.tls.version.fallback-limit": 1,
+ "security.tls.version.max": 4,
+ "security.ssl.disable_session_identifiers": true,
+ "security.ssl.errorReporting.automatic": false,
+ "security.ssl.errorReporting.enabled": false,
+ "security.ssl.errorReporting.url": "",
+ "security.OCSP.enabled": 1,
+ "security.cert_pinning.enforcement_level": 1,
+ "network.stricttransportsecurity.preloadlist": true,
+ "security.mixed_content.block_display_content": true,
+ "security.ssl.treat_unsafe_negotiation_as_broken": true,
+ "security.insecure_connection_icon.enabled": true,
+ },
+ {
+ }
+ ]
+ }
+]
From 49ede7e9320d5c2e6e2ab5bb81c14f7ea998a004 Mon Sep 17 00:00:00 2001
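Review bot: The last property of both populated `config` objects ends with a trailing comma (`"security.insecure_connection_icon.enabled": true,` directly before the closing `}`), which is not valid JSON. A strict parser rejects the whole file, so none of the TLS presets would be applied. Drop the comma on those two lines, i.e. `"security.insecure_connection_icon.enabled": true`. PATCH 3/3 moves these objects around but keeps the trailing comma in both, so the same fix is still needed after the series is applied.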
From: StarPicard <8884658+StarPicard@users.noreply.github.com>
Date: Fri, 23 Mar 2018 16:19:49 +0100
Subject: [PATCH 2/3] Update https.json
---
 settings/https.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/settings/https.json b/settings/https.json
index d29c1ef..d372a65 100644
--- a/settings/https.json
+++ b/settings/https.json
@@ -39,7 +39,7 @@
 },
 {
 "security.tls.version.min": 3,
- "security.tls.version.fallback-limit": 1,
+ "security.tls.version.fallback-limit": 3,
 "security.tls.version.max": 4,
 "security.ssl.disable_session_identifiers": true,
 "security.ssl.errorReporting.automatic": false,
From f67666a0776305673b47746374a8f045ad2c244b Mon Sep 17 00:00:00 2001
From: StarPicard <8884658+StarPicard@users.noreply.github.com>
Date: Fri, 23 Mar 2018 18:53:36 +0100
Subject: [PATCH 3/3] Set to default profile According to #114
---
 settings/https.json | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/settings/https.json b/settings/https.json
index d372a65..d614726 100644
--- a/settings/https.json
+++ b/settings/https.json
@@ -3,19 +3,21 @@
 "name": "https",
 "type": "choice",
 "label": "Set https security level",
- "help_text": null,
+ "help_text": "Warning: the levels \"Ultra\" and \"Strong\" might corrupt some websites.",
 "choices": [
- "Ultra",
+ "Normal",
 "Strong",
- "Normal"
+ "Ultra"
 ],
- "initial": 2,
+ "initial": 0,
 "addons": [
 [],
 [],
 []
 ],
 "config": [
+ {
+ },
 {
 "security.tls.version.min": 3,
 "security.tls.version.fallback-limit": 3,
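Review bot: The new `help_text` in the first hunk of PATCH 3/3 says the stricter levels "might corrupt some websites", but the effect of these prefs is refused or failed connections (for example `security.OCSP.require` and `security.cert_pinning.enforcement_level: 2` in "Ultra"), not damaged content. Wording such as `"help_text": "Warning: the levels \"Strong\" and \"Ultra\" can make some websites fail to load."` tells the user what to expect when a site stops working. The reorder keeps `choices`, `addons` and `config` aligned by position, and `"initial": 0` now selects the empty "Normal" object. Because the three arrays are coupled only by index, any later reorder has to touch all of them together. This hunk ends inside the second `config` object, which continues in the next hunk.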
@@ -24,17 +26,11 @@
 "security.ssl.errorReporting.automatic": false,
 "security.ssl.errorReporting.enabled": false,
 "security.ssl.errorReporting.url": "",
- "security.tls.enable_0rtt_data": false,
- "security.ssl.enable_ocsp_stapling": true,
 "security.OCSP.enabled": 1,
- "security.OCSP.require": true,
- "security.cert_pinning.enforcement_level": 2,
+ "security.cert_pinning.enforcement_level": 1,
 "network.stricttransportsecurity.preloadlist": true,
- "security.mixed_content.block_active_content": true,
 "security.mixed_content.block_display_content": true,
- "security.pki.sha1_enforcement_level": 1,
 "security.ssl.treat_unsafe_negotiation_as_broken": true,
- "browser.ssl_override_behavior": 1,
 "security.insecure_connection_icon.enabled": true,
 },
 {
@@ -45,14 +41,18 @@
 "security.ssl.errorReporting.automatic": false,
 "security.ssl.errorReporting.enabled": false,
 "security.ssl.errorReporting.url": "",
+ "security.tls.enable_0rtt_data": false,
+ "security.ssl.enable_ocsp_stapling": true,
 "security.OCSP.enabled": 1,
- "security.cert_pinning.enforcement_level": 1,
+ "security.OCSP.require": true,
+ "security.cert_pinning.enforcement_level": 2,
 "network.stricttransportsecurity.preloadlist": true,
+ "security.mixed_content.block_active_content": true,
 "security.mixed_content.block_display_content": true,
+ "security.pki.sha1_enforcement_level": 1,
 "security.ssl.treat_unsafe_negotiation_as_broken": true,
+ "browser.ssl_override_behavior": 1,
 "security.insecure_connection_icon.enabled": true,
- },
- {
 }
 ]
 }
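Review bot: After the `@@ -24,17 +26,11 @@` hunk, the "Strong" object sets `security.mixed_content.block_display_content` but no longer sets `security.mixed_content.block_active_content`. Blocking of active mixed content (scripts, frames), the more dangerous kind, therefore depends at this level on whatever value the profile already has. The browser default is presumably already `true`, but keeping `"security.mixed_content.block_active_content": true,` in "Strong" as well would make the preset hold even when the pref has been changed. The object itself opens in the previous hunk, so only its tail is visible here.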