Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Firefox 69 "insecure warning" - how to turn off?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 828

PostPosted: Fri Sep 13, 2019 2:11 pm    Post subject: Firefox 69 "insecure warning" - how to turn off? Reply with quote

i'm using firefox 69 (~amd64) inside our corpnet where i frequently connect to webapps on internal servers with self-signed ssl-certs. so far i have found no way to turn off firefox's related annoying security-warning and am required to issue many extra-clicks before i can connect (which is slowly, but steadily driving me MAD).
is there a way to silence this either via about:config or a "policy?"

THX for your input!
_________________
DUMM KLICKT GUT.
Back to top
View user's profile Send private message
joanandk
Tux's lil' helper
Tux's lil' helper


Joined: 12 Feb 2017
Posts: 92

PostPosted: Fri Sep 13, 2019 8:47 pm    Post subject: Reply with quote

Aha, ein Genosse :D

Did you try "security.insecure_field_warning.contextual.enabled = false"?

BR
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14921

PostPosted: Sat Sep 14, 2019 1:29 am    Post subject: Reply with quote

What about solving this with a corporate policy that self-signed certificates are not allowed on production resources, and that those resources should either use a publicly trusted certificate or obtain one from a CA run by corporate IT? If the latter, you can add corporate IT as a trusted CA (if you actually trust your IT department...) to silence all the offending servers at once.

You could justify such a policy on the basis that self-signed certificates train users to ignore browser warnings, and training users to behave insecurely is bad for corporate security.
Back to top
View user's profile Send private message
transsib
l33t
l33t


Joined: 26 Jul 2003
Posts: 872

PostPosted: Sat Sep 14, 2019 9:37 am    Post subject: Reply with quote

Here too for our personal local NAS :)

EDIT: I can set a cert in my NAS; haven´t done that yet.


Last edited by transsib on Sat Sep 14, 2019 1:41 pm; edited 1 time in total
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5908

PostPosted: Sat Sep 14, 2019 11:24 am    Post subject: Reply with quote

shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate.
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
Back to top
View user's profile Send private message
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 828

PostPosted: Tue Sep 17, 2019 8:34 am    Post subject: Reply with quote

Quote:
Did you try "security.insecure_field_warning.contextual.enabled = false"?

AFAIK it'sa only for "insecure" input-fields inside secure pages, but for testing it set in anyway and the problem remains.

Quote:
corporate policy

don't get me started on that...
what happend to the good'ole (os-independent!) prefs-file with lockPref? why did they have to spiit it into at least three os-dependent variants with ever-changing, version-dependent options? i checked about:policies (where i also set some other stuff) and to me it looks like there is no option to trust certs mozilla does not like.
just to make sure i also set "disable usersecuritybypass" to false https://github.com/mozilla/policy-templates#disablesecuritybypass and it does not change anything.

while changing corp-policy compan-wide is a good idea it's just not possible in my environment (too large).

Quote:
shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate.

that's what i was hoping, too, but they removed that option (or, maybe, i am too stupid to find it.) in the esr-versions the displaying of this option is dependent on "private browsing" settings which i cannot find in ffox 69. (in esr, you have to turn off "private browsing" to be shown the relevant checkbox and check it, but after that you can turn on "private browsing again and the problem remains solved.)

so, any further ideas?
_________________
DUMM KLICKT GUT.
Back to top
View user's profile Send private message
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 828

PostPosted: Tue Sep 17, 2019 9:14 am    Post subject: Reply with quote

btw, here is my policy file (/usr/lib64/firefox/distribution/policies.json):
Code:
{
  "policies": {
    "DisableAppUpdate": true,
    "DisableTelemetry": true,
    "DisableFeedbackCommands": true,
    "DisableFirefoxAccounts": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableProfileRefresh": true,
    "PromptForDownloadLocation": true,
    "SearchSuggestEnabled": false,
    "DNSOverHTTPS": {
       "Enabled": false,
       "ProviderURL": "",
        "Locked": true
        },
    "DisableSecurityBypass": {
      "InvalidCertificate": false,
      "SafeBrowsing": false
   }
}
}

_________________
DUMM KLICKT GUT.
Back to top
View user's profile Send private message
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 828

PostPosted: Sat Oct 19, 2019 12:22 pm    Post subject: [SOLVED] (?) as of version 69.0.3 Reply with quote

't seems they got rid of this silly "enhancement" as of version 69.0.3. what's the status on your installations?
_________________
DUMM KLICKT GUT.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum