Ok, now I am beginning with paranoia questions. Let's begin with the browser:
does about:config work and is it possible to create/edit (new) entries?

I am thinking of setting all sequrity.ssl3.*rc4* settings to false, security.tls.version.max to 3 (tls 1.2), security.tls.version.min to 1 (disable sslv3) - look at an actual desktop firefox's about:config to know what I mean.

These parameters are working on firefox desktop and android (!) to be more crypto-stable. Because we have a 25/26 xul engine it should work on Jolla too if the parameters can be set (true?)

Does anyone tried to insert the root certs of https://cacert.org? (or are they actual in the cert store?) What is the workflow to do this? Can I see/edit my trustcenter certs stored in the cert stack of the device and the browser?

@Jolla-guys: When working on caldav/carddav/webdav: Please think about a working https-implementation and TLS/SNI working! There is a new free Carddav/Caldav implementation (DAVdroid) on Android and it took months to let the programmer think about SNI and he had problems to implement it because the os api had no way to do it. Why not just implement it at the beginning...