Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chromium/managed: merge enable-ech-ocsp.json into https-everywhere.json 

This will not appear on my blog post. ECH is enough offtopic and OCSP would only bring argument on whether it's useful and is that usefulness more important than privacy leakage to non-ocsp-stapling websites.
This commit is contained in:
Aminda Suomalainen 2024-05-17 16:15:34 +03:00
parent fb57ae0ea5
commit 38c331494c
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
3 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
etc/opt/chromium/policies/managed/README.md
View File

@ -42,7 +42,6 @@
- [`edge-newtabapps.json`](#edge-newtabappsjson)
- [`edge-screenshots.json`](#edge-screenshotsjson)
- [`enable-chromecast.json`](#enable-chromecastjson)
- [`enable-ech-ocsp.json`](#enable-ech-ocspjson)
- [`enable-labs.json`](#enable-labsjson)
- [`enable-passwordleakdetection.json`](#enable-passwordleakdetectionjson)
- [`enable-tab-suspend.json`](#enable-tab-suspendjson)
@ -265,16 +264,6 @@ Explicitly enables screenshotting-
Explicitly enables Chromecast support.
## `enable-ech-ocsp.json`
Enables encrypted client hello (ECH) and Online Certificate Status Protocol
(OCSP)/Certificate Revocation List (CRL) checks.
However ECH requires `"DnsOverHttpsMode": "secure"` which will break things
(and thus my files don't enable it),
or it will occassionally get disabled (I hope they implement it with system
resolver soon).
## `enable-labs.json`
Enables the beaker button "Experiments" for easier management than `about:flags`.
@ -304,7 +293,14 @@ back to Google about them.
## `https-everywhere.json`
Enforces https and attempts to upgrade http to https.
This file evolved to merge another one, so now it:
- Online Certificate Status Protocol (OCSP), and Certivicate Revokation List
(CRL) checks.
- Enables Encrypted Client-Hello (ECH), which however requires DNS-Over-HTTPS
to be used.
- Forces HTTPS-only mode to be enabled.
- Attempts to upgrade `http://` queries to `https://`
## `README.md`

4
etc/opt/chromium/policies/managed/enable-ech-ocsp.json
View File

@ -1,4 +0,0 @@
{
"EnableOnlineRevocationChecks": true,
"EncryptedClientHelloEnabled": true
}

2
etc/opt/chromium/policies/managed/https-everywhere.json
View File

@ -1,4 +1,6 @@
{
"EnableOnlineRevocationChecks": true,
"EncryptedClientHelloEnabled": true,
"HttpsOnlyMode": "force_enabled",
"HttpsUpgradesEnabled": true
}