From aca03265d524743a5fd59e006233fc89113f0231 Mon Sep 17 00:00:00 2001
From: Exodion <31079484+Exodion@users.noreply.github.com>
Date: Mon, 13 Nov 2017 22:44:55 +0300
Subject: [PATCH] Option for OCSP Must-Staple

---
 user.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/user.js b/user.js
index 86aafbe..6711911 100644
--- a/user.js
+++ b/user.js
@@ -745,6 +745,9 @@ user_pref("security.OCSP.enabled", 1);
  * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
  * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
 user_pref("security.OCSP.require", true);
+/* 1213: require a stapled OCSP response from the CA
+ * [1] https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ ***/
+user_pref("security.ssl.enable_ocsp_must_staple", true);
 /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
 /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
  * 0=disable detecting Family Safety mode and importing the root