TLS Delegated Credentials Experiment

You're about to test the new draft standard for TLS Delegated Credentials, a mechanism to limit exposure to sensitive key material for web servers.

If you navigate to https://enabled.dc.crypto.mozilla.org with Delegated Credentials support turned-on in Firefox Nightly or Beta, then Firefox and the web server will determine their trust using a TLS key-pair that was issued without the direct involvement of a certificate authority.

This test could fail — There are certain network devices which may not understand the delegated credential handshake. If you attempt to navigate to https://enabled.dc.crypto.mozilla.org and receive an error page, then you might have been so affected.

Try it out

  1. In a Firefox Nightly or Beta window, navigate to about:config.
  2. Search for the “security.tls.enable_delegated_credentials” preference - the preference list will update as you type, and “delegated” is itself enough to find the correct preference.
  3. Click the Toggle button to set the value to true.
  4. Open https://enabled.dc.crypto.mozilla.org.

Learn more

For more information about this test, visit the Mozilla Security blog's post Validating Delegated Credentials for TLS in Firefox.