View previous topic :: View next topic |
Author |
Message |
DawgG l33t


Joined: 17 Sep 2003 Posts: 841
|
Posted: Fri Sep 13, 2019 2:11 pm Post subject: Firefox 69 "insecure warning" - how to turn off? |
|
|
i'm using firefox 69 (~amd64) inside our corpnet where i frequently connect to webapps on internal servers with self-signed ssl-certs. so far i have found no way to turn off firefox's related annoying security-warning and am required to issue many extra-clicks before i can connect (which is slowly, but steadily driving me MAD).
is there a way to silence this either via about:config or a "policy?"
THX for your input! _________________ DUMM KLICKT GUT. |
|
Back to top |
|
 |
joanandk Tux's lil' helper

Joined: 12 Feb 2017 Posts: 126
|
Posted: Fri Sep 13, 2019 8:47 pm Post subject: |
|
|
Aha, ein Genosse
Did you try "security.insecure_field_warning.contextual.enabled = false"?
BR |
|
Back to top |
|
 |
Hu Moderator

Joined: 06 Mar 2007 Posts: 16461
|
Posted: Sat Sep 14, 2019 1:29 am Post subject: |
|
|
What about solving this with a corporate policy that self-signed certificates are not allowed on production resources, and that those resources should either use a publicly trusted certificate or obtain one from a CA run by corporate IT? If the latter, you can add corporate IT as a trusted CA (if you actually trust your IT department...) to silence all the offending servers at once.
You could justify such a policy on the basis that self-signed certificates train users to ignore browser warnings, and training users to behave insecurely is bad for corporate security. |
|
Back to top |
|
 |
transsib l33t


Joined: 26 Jul 2003 Posts: 889
|
Posted: Sat Sep 14, 2019 9:37 am Post subject: |
|
|
Here too for our personal local NAS
EDIT: I can set a cert in my NAS; haven´t done that yet.
Last edited by transsib on Sat Sep 14, 2019 1:41 pm; edited 1 time in total |
|
Back to top |
|
 |
bunder Bodhisattva

Joined: 10 Apr 2004 Posts: 5923
|
Posted: Sat Sep 14, 2019 11:24 am Post subject: |
|
|
shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate. _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
Back to top |
|
 |
DawgG l33t


Joined: 17 Sep 2003 Posts: 841
|
Posted: Tue Sep 17, 2019 8:34 am Post subject: |
|
|
Quote: | Did you try "security.insecure_field_warning.contextual.enabled = false"? |
AFAIK it'sa only for "insecure" input-fields inside secure pages, but for testing it set in anyway and the problem remains.
don't get me started on that...
what happend to the good'ole (os-independent!) prefs-file with lockPref? why did they have to spiit it into at least three os-dependent variants with ever-changing, version-dependent options? i checked about:policies (where i also set some other stuff) and to me it looks like there is no option to trust certs mozilla does not like.
just to make sure i also set "disable usersecuritybypass" to false https://github.com/mozilla/policy-templates#disablesecuritybypass and it does not change anything.
while changing corp-policy compan-wide is a good idea it's just not possible in my environment (too large).
Quote: | shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate. |
that's what i was hoping, too, but they removed that option (or, maybe, i am too stupid to find it.) in the esr-versions the displaying of this option is dependent on "private browsing" settings which i cannot find in ffox 69. (in esr, you have to turn off "private browsing" to be shown the relevant checkbox and check it, but after that you can turn on "private browsing again and the problem remains solved.)
so, any further ideas? _________________ DUMM KLICKT GUT. |
|
Back to top |
|
 |
DawgG l33t


Joined: 17 Sep 2003 Posts: 841
|
Posted: Tue Sep 17, 2019 9:14 am Post subject: |
|
|
btw, here is my policy file (/usr/lib64/firefox/distribution/policies.json):
Code: | {
"policies": {
"DisableAppUpdate": true,
"DisableTelemetry": true,
"DisableFeedbackCommands": true,
"DisableFirefoxAccounts": true,
"DisableFirefoxStudies": true,
"DisablePocket": true,
"DisableProfileRefresh": true,
"PromptForDownloadLocation": true,
"SearchSuggestEnabled": false,
"DNSOverHTTPS": {
"Enabled": false,
"ProviderURL": "",
"Locked": true
},
"DisableSecurityBypass": {
"InvalidCertificate": false,
"SafeBrowsing": false
}
}
}
|
_________________ DUMM KLICKT GUT. |
|
Back to top |
|
 |
DawgG l33t


Joined: 17 Sep 2003 Posts: 841
|
Posted: Sat Oct 19, 2019 12:22 pm Post subject: [SOLVED] (?) as of version 69.0.3 |
|
|
't seems they got rid of this silly "enhancement" as of version 69.0.3. what's the status on your installations? _________________ DUMM KLICKT GUT. |
|
Back to top |
|
 |
|