1195789 - Fallback rc4 whitelist update for Firefox 41+

Status: RESOLVED FIXED

(Core :: Security: PSM, defect)

Description

[Masatoshi Kimura [:emk]]

+++ This bug was initially created as a clone of Bug #1165549 +++

[Tracking Requested - why for this release]: periodical task to maintain the whitelist

+++ This bug was initially created as a clone of Bug #1145844 +++

I would like to land this before the next merge.

Comment 1

[Liz Henry (:lizzard) (relman/hg->git project)]

Does this land on 41 and the other branches as well, or only on 41?  
Do we need to track it for 42 and 43? Thanks.

Comment 2

[Masatoshi Kimura [:emk]]

Needed for all branches.

Comment 3

[Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)]

Masatoshi, will you be a providing a patch for this bug? We are almost in the end game of Beta41 so I wanted to check on the status of this bug.

Comment 4

[Masatoshi Kimura [:emk]]

Attachment: Update fallback whitelist

* Added sites from bug 1126620 blockers and bug 1138101 blockers.
* Removed fixed sites.
* Removed the following sites that should have been removed in the previous batch:
https://www.escrowrefills.com

Keeler is on PTO. Cykesiopka, could you review this?

Comment 5

[:Cykesiopka]

Comment on attachment 8655430 [details] [diff] [review]
Update fallback whitelist

Review of attachment 8655430 [details] [diff] [review]:
-----------------------------------------------------------------

r+ with the following addressed:
 - (www.)arcgames.com (66.151.133.182) has regressed and is RC4 only again
 - profiles.uthscsa.edu (129.111.230.83) still seems intolerant
 - www.ncsoft.com (64.25.35.120) is still RC4 only

Comment 6

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/6273b5918d6c

Comment 7

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/6273b5918d6c

Comment 8

[Masatoshi Kimura [:emk]]

Attachment: checked-in patch

Approval Request Comment
[Feature/regressing bug #]: N/A
[User impact if declined]: Users can not connect some sites.
[Describe test coverage new/current, TreeHerder]: tested locally and m-c
[Risks and why]: Very low. Only trivial changes to static data.
[String/UUID change made/needed]: none

Comment 9

[Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)]

Comment on attachment 8655962 [details] [diff] [review]
checked-in patch

This is something we need to do to support websites that still use RC4. Beta41+

Comment 10

[Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)]

Sylvestre, should this also be uplifted to Aurora? Or is this something that needs to be only uplifted during every Beta cycle? Please help.

Comment 11

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-beta/rev/ad91736ed2de

Comment 12

[Masatoshi Kimura [:emk]]

(In reply to Ritu Kothari (:ritu) from comment #10)
> Sylvestre, should this also be uplifted to Aurora? Or is this something that
> needs to be only uplifted during every Beta cycle? Please help.

I would like to keep whitelist in sync across all trees. Otherwise whitelist maintenance is almost impossible.

Comment 13

[Sylvestre Ledru [:Sylvestre]]

Comment on attachment 8655962 [details] [diff] [review]
checked-in patch

Yep, we want that in aurora too.

Comment 14

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/releases/mozilla-aurora/rev/6a1945ebef41