Closed
Bug 1128763
Opened 10 years ago
Closed 9 years ago
Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: emk, Assigned: emk)
References
Details
Attachments
(1 file)
4.62 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #1127285 +++ Accroding to bug 1084025 comment #99, only one of ~211k sites failed with PR_CONNECT_RESET_ERROR due to intolerance. We should consider removing PR_CONNECT_RESET_ERROR from fallback reasons. It will reduce accidental fallbacks due to network glitches.
Attachment #8558221 -
Flags: review?(dkeeler)
Assignee | ||
Updated•10 years ago
|
Summary: Remove unneeded insecure fallback reasons → Whitelist PR_CONNECT_RESET_ERROR as a fallback reason
Assignee | ||
Comment 1•10 years ago
|
||
Please apply the patch from bug 1116891 first (it is already r+'ed). I'll land it along with this bug because it will loosen security without a fix for this bug.
Assignee | ||
Comment 2•10 years ago
|
||
And I kept bug 1116891 separate because I consider to uplift bug 1116891 to branches, but this bug depends on bug 1084025 which was rejected to land beta.
Comment 3•10 years ago
|
||
Comment on attachment 8558221 [details] [diff] [review] 1127285_whitelist_rst_intolerance Review of attachment 8558221 [details] [diff] [review]: ----------------------------------------------------------------- Ok - r=me with comment addressed. As an aside, I think a more informative summary for this bug might be something like "do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only" (much like the comment in nsNSSIOLayer.cpp). ::: netwerk/base/security-prefs.js @@ +15,4 @@ > # bug 1126652, www.animate-onlineshop.jp > # bug 1126654, www.gamers-onlineshop.jp > +# bug 1127611, www.utahbar.org > +pref("security.tls.insecure_fallback_hosts", "www.kredodirect.com.ua,web3.secureinternetbank.com,cmypage.kuronekoyamato.co.jp,www.timewarnercable.com,wayfarer.timewarnercable.com,airportwifi.com,cart.pcpitstop.com,books.wwnorton.com,emaildvla.direct.gov.uk,www.gosignmeup.com,m.getawaytoday.com,cualerts.dupaco.com,www.animate-onlineshop.jp,www.gamers-onlineshop.jp,www.utahbar.org"); Let's keep changes to this list separate from functionality changes.
Attachment #8558221 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 4•10 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #3) > Let's keep changes to this list separate from functionality changes. I simply removed the security-prefs.js change. It will be moot once bug 1128227 is landed anyway. https://treeherder.mozilla.org/#/jobs?repo=try&revision=69e7e86ec809 https://hg.mozilla.org/integration/mozilla-inbound/rev/b202f0f65da5
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Summary: Whitelist PR_CONNECT_RESET_ERROR as a fallback reason → Do insecure fallback after PR_CONNECT_RESET_ERROR for > whitelisted sites only
Assignee | ||
Updated•10 years ago
|
Summary: Do insecure fallback after PR_CONNECT_RESET_ERROR for > whitelisted sites only → Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only
https://hg.mozilla.org/mozilla-central/rev/b202f0f65da5
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox38:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Comment 6•9 years ago
|
||
Landed as part of a roll-up patch in bug 1128227. https://hg.mozilla.org/releases/mozilla-aurora/rev/1e9694bbffaa
status-firefox37:
--- → fixed
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•