Closed Bug 1197644 Opened 5 years ago Closed 5 years ago

Remove the security.ssl.warn_missing_rfc5746 pref

Categories

(Core :: Security: PSM, defect)

RESOLVED FIXED
mozilla43
Tracking Status
firefox43 --- fixed

People

(Reporter: Cykesiopka, Assigned: Cykesiopka)

Attachments

(1 file)

According to the August 2015 SSL Pulse data:
> Renegotiation Support
> Secure renegotiation: 93.5%
> Insecure renegotiation: 2.5%
> Both: 0.8%
> No support: 3.2%

Servers that don't support secure renegotiation are now in the minority. The people who run these servers should take action, so allowing the console warning to be disabled seems counter-productive.

In particular, servers need to *indicate* that they are not vulnerable to CVE-2009-3555.
https://tools.ietf.org/html/rfc5746#section-4.3:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
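
The signal that RFC 5746 section 4.3 requires can be checked directly in the server's first handshake message. The following is an added example, not part of the bug report or of Firefox's code: it classifies a TLS 1.2 (or earlier) ServerHello by whether it carries the `renegotiation_info` extension. The function names and the sample messages are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746


def build_server_hello(extensions):
    """Constructed sample: a TLS 1.2 ServerHello handshake message."""
    body = b"\x03\x03" + bytes(32)   # version, random (zeroed for the sample)
    body += b"\x00"                  # empty session_id
    body += b"\xc0\x2f\x00"          # sample cipher suite, null compression
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x02" + len(body).to_bytes(3, "big") + body


def rfc5746_status(msg):
    """Classify an initial-handshake ServerHello: secure, missing or invalid."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    end = 4 + int.from_bytes(msg[1:4], "big")
    if end > len(msg) or end < 42:
        raise ValueError("truncated ServerHello")
    pos = 4 + 2 + 32                 # header, version, random
    pos += 1 + msg[pos]              # session_id
    pos += 3                         # cipher suite + compression method
    if pos > end:
        raise ValueError("session_id overruns the message")
    if pos == end:
        return "missing"             # no extensions block at all
    ext_end = pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
    pos += 2
    if ext_end > end:
        raise ValueError("extensions overrun the message")
    while pos + 4 <= ext_end:
        ext_type, length = struct.unpack_from("!HH", msg, pos)
        data = msg[pos + 4:pos + 4 + length]
        if ext_type == RENEGOTIATION_INFO:
            # On an initial handshake renegotiated_connection must be empty,
            # so the extension data is the single length byte 0x00.
            return "secure" if data == b"\x00" else "invalid"
        pos += 4 + length
    return "missing"
```

A result of "missing" is the case the console warning discussed in this bug is aimed at; "invalid" is a handshake that RFC 5746 requires the client to abort.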
Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref.
Attachment #8652197 - Flags: review?(dkeeler)
Comment on attachment 8652197 [details]
MozReview Request: Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref.

https://reviewboard.mozilla.org/r/17097/#review15317

Cool.

::: security/manager/ssl/nsNSSCallbacks.cpp:1244
(Diff revision 1)
>    // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,

I would also like to see bug 883674 fixed. It should be pretty much the same as the other console warnings we've done recently.
Attachment #8652197 - Flags: review?(dkeeler) → review+
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> I would also like to see bug 883674 fixed. It should be pretty much the same
> as the other console warnings we've done recently.

Yeah, I actually have WIPs for this already. I still have to solve some issues, but I'll post the WIPs later.
https://hg.mozilla.org/mozilla-central/rev/cbf83a6ab5e6
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43