Closed Bug 1197644 Opened 5 years ago Closed 5 years ago
Remove the security.ssl.warn_missing_rfc5746 pref
According to the August 2015 SSL Pulse data:

> Renegotiation Support
> Secure renegotiation: 93.5%
> Insecure renegotiation: 2.5%
> Both: 0.8%
> No support: 3.2%

Servers that don't support secure renegotiation are now in the minority. The people who run these servers should take action, so allowing the console warning to be disabled seems counter-productive.

In particular, servers need to *indicate* that they are not vulnerable to CVE-2009-3555.

https://tools.ietf.org/html/rfc5746#section-4.3:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref.
Attachment #8652197 - Flags: review?(dkeeler)
Comment on attachment 8652197
MozReview Request: Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref.

https://reviewboard.mozilla.org/r/17097/#review15317

Cool.

::: security/manager/ssl/nsNSSCallbacks.cpp:1244
(Diff revision 1)
> // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,

I would also like to see bug 883674 fixed. It should be pretty much the same as the other console warnings we've done recently.
Attachment #8652197 - Flags: review?(dkeeler) → review+
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> I would also like to see bug 883674 fixed. It should be pretty much the same
> as the other console warnings we've done recently.

Yeah, I actually have WIPs for this already. I still have to solve some issues, but I'll post the WIPs later.
Thanks for the review! https://treeherder.mozilla.org/#/jobs?repo=try&revision=765bde861c1a