move 1220 to don't touch

- https://bugzilla.mozilla.org/1767489 : default changed to 1 - https://bugzilla.mozilla.org/1766687: SHA-1 support removed - keeping active for ESR91 users, after FF105 we can remove it
2025-04-29 21:43:36 +02:00 · 2022-06-04 09:57:17 +00:00 · 2022-06-04 09:57:17 +00:00 · 0b4d6593c8
commit 0b4d6593c8
parent b6805f1e65
1 changed files with 2 additions and 8 deletions
--- a/user.js
+++ b/user.js
@ -494,14 +494,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
 user_pref("security.OCSP.require", true);

 /** CERTS / HPKP (HTTP Public Key Pinning) ***/
-/* 1220: disable or limit SHA-1 certificates
- * 0 = allow all
- * 1 = block all
- * 3 = only allow locally-added roots (e.g. anti-virus) (default)
- * 4 = only allow locally-added roots or for certs in 2015 and earlier
- * [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
- * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
-user_pref("security.pki.sha1_enforcement_level", 1);
 /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
 * 0=disable detecting Family Safety mode and importing the root
 * 1=only attempt to detect Family Safety mode (don't import the root)
@ -1096,6 +1088,8 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
 * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
 * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
 user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
+/* 6012: disable SHA-1 certificates ***/
+user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+]
 /* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/
   // user_pref("dom.caches.enabled", "");
   // user_pref("dom.storageManager.enabled", "");