Closed Bug 1207257 Opened 5 years ago Closed 5 years ago

un-disable unrestricted RC4 fallback in 43

Categories

(Core :: Security: PSM, defect)

43 Branch
defect
Not set
normal

Tracking

()

RESOLVED FIXED
Tracking Status
firefox43 + fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file)

Bug 1201024 disabled unrestricted RC4 fallback (leaving only whitelisted sites enabled for fallback on release builds) in 43. Unfortunately, since we don't have the necessary "try again with outdated security" UX yet, we can't ship that.
Attached patch patch for auroraSplinter Review
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8665015 - Flags: review?(jjones)
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora

Review of attachment 8665015 [details] [diff] [review]:
-----------------------------------------------------------------

That looks safe to me.
Attachment #8665015 - Flags: review?(jjones) → review+
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora

Approval Request Comment
[Feature/regressing bug #]: disabling RC4 fallback / bug 1201024
[User impact if declined]: release/beta users will not be able to access sites that require RC4 until something like bug 1207137 has been implemented
[Describe test coverage new/current, TreeHerder]: not exactly applicable - we have tests for RC4 fallback. This just changes a default pref value on release builds
[Risks and why]: low - this patch basically reverts the patch in bug 1201024
[String/UUID change made/needed]: none
Attachment #8665015 - Flags: approval-mozilla-aurora?
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora

Approved for uplift to aurora.
Attachment #8665015 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/0bb47dc85ea8
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.