| View previous topic :: View next topic |
| Author |
Message |
DawgG
l33t
Joined: 17 Sep 2003
Posts: 841
|
 Posted: Fri Sep 13, 2019 2:11 pm Post subject: Firefox 69 "insecure warning" - how to turn off? |
 |
|
i'm using firefox 69 (~amd64) inside our corpnet where i frequently connect to webapps on internal servers with self-signed ssl-certs. so far i have found no way to turn off firefox's related annoying security-warning and am required to issue many extra-clicks before i can connect (which is slowly, but steadily driving me MAD).
is there a way to silence this either via about:config or a "policy?"
THX for your input!
_________________
DUMM KLICKT GUT. |
|
| Back to top |
|
 |
joanandk
Tux's lil' helper
Joined: 12 Feb 2017
Posts: 126
|
| Posted: Fri Sep 13, 2019 8:47 pm Post subject: |
|
|
Aha, ein Genosse 
Did you try "security.insecure_field_warning.contextual.enabled = false"?
BR |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 16461
|
| Posted: Sat Sep 14, 2019 1:29 am Post subject: |
|
|
What about solving this with a corporate policy that self-signed certificates are not allowed on production resources, and that those resources should either use a publicly trusted certificate or obtain one from a CA run by corporate IT? If the latter, you can add corporate IT as a trusted CA (if you actually trust your IT department...) to silence all the offending servers at once.
You could justify such a policy on the basis that self-signed certificates train users to ignore browser warnings, and training users to behave insecurely is bad for corporate security. |
|
| Back to top |
|
|
transsib
l33t
Joined: 26 Jul 2003
Posts: 889
|
| Posted: Sat Sep 14, 2019 9:37 am Post subject: |
|
|
Here too for our personal local NAS 
EDIT: I can set a cert in my NAS; haven´t done that yet.
Last edited by transsib on Sat Sep 14, 2019 1:41 pm; edited 1 time in total |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5923
|
| Posted: Sat Sep 14, 2019 11:24 am Post subject: |
|
|
shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate.
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
DawgG
l33t
Joined: 17 Sep 2003
Posts: 841
|
| Posted: Tue Sep 17, 2019 8:34 am Post subject: |
|
|
| Quote: | | Did you try "security.insecure_field_warning.contextual.enabled = false"? |
AFAIK it'sa only for "insecure" input-fields inside secure pages, but for testing it set in anyway and the problem remains.
don't get me started on that...
what happend to the good'ole (os-independent!) prefs-file with lockPref? why did they have to spiit it into at least three os-dependent variants with ever-changing, version-dependent options? i checked about:policies (where i also set some other stuff) and to me it looks like there is no option to trust certs mozilla does not like.
just to make sure i also set "disable usersecuritybypass" to false https://github.com/mozilla/policy-templates#disablesecuritybypass and it does not change anything.
while changing corp-policy compan-wide is a good idea it's just not possible in my environment (too large).
| Quote: | | shouldn't this only pop up the first time you visit the site? if you click add exception and click the checkbox on the next window, you shouldn't see it again for that certificate. |
that's what i was hoping, too, but they removed that option (or, maybe, i am too stupid to find it.) in the esr-versions the displaying of this option is dependent on "private browsing" settings which i cannot find in ffox 69. (in esr, you have to turn off "private browsing" to be shown the relevant checkbox and check it, but after that you can turn on "private browsing again and the problem remains solved.)
so, any further ideas?
_________________
DUMM KLICKT GUT. |
|
| Back to top |
|
|
DawgG
l33t
Joined: 17 Sep 2003
Posts: 841
|
| Posted: Tue Sep 17, 2019 9:14 am Post subject: |
|
|
btw, here is my policy file (/usr/lib64/firefox/distribution/policies.json):
| Code: | {
"policies": {
"DisableAppUpdate": true,
"DisableTelemetry": true,
"DisableFeedbackCommands": true,
"DisableFirefoxAccounts": true,
"DisableFirefoxStudies": true,
"DisablePocket": true,
"DisableProfileRefresh": true,
"PromptForDownloadLocation": true,
"SearchSuggestEnabled": false,
"DNSOverHTTPS": {
"Enabled": false,
"ProviderURL": "",
"Locked": true
},
"DisableSecurityBypass": {
"InvalidCertificate": false,
"SafeBrowsing": false
}
}
}
|
_________________
DUMM KLICKT GUT. |
|
| Back to top |
|
|
DawgG
l33t
Joined: 17 Sep 2003
Posts: 841
|
| Posted: Sat Oct 19, 2019 12:22 pm Post subject: [SOLVED] (?) as of version 69.0.3 |
|
|
't seems they got rid of this silly "enhancement" as of version 69.0.3. what's the status on your installations?
_________________
DUMM KLICKT GUT. |
|
| Back to top |
|
|
|
Desktop Environments
