Closed
Bug 1207257
Opened 9 years ago
Closed 9 years ago
un-disable unrestricted RC4 fallback in 43
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Keywords: dev-doc-complete, site-compat)
Attachments
(1 file)
1.32 KB,
patch
|
jcj
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Bug 1201024 disabled unrestricted RC4 fallback (leaving only whitelisted sites enabled for fallback on release builds) in 43. Unfortunately, since we don't have the necessary "try again with outdated security" UX yet, we can't ship that.
Assignee | ||
Comment 1•9 years ago
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora
Review of attachment 8665015 [details] [diff] [review]:
-----------------------------------------------------------------
That looks safe to me.
Attachment #8665015 -
Flags: review?(jjones) → review+
Assignee | ||
Comment 3•9 years ago
|
||
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora
Approval Request Comment
[Feature/regressing bug #]: disabling RC4 fallback / bug 1201024
[User impact if declined]: release/beta users will not be able to access sites that require RC4 until something like bug 1207137 has been implemented
[Describe test coverage new/current, TreeHerder]: not exactly applicable - we have tests for RC4 fallback. This just changes a default pref value on release builds
[Risks and why]: low - this patch basically reverts the patch in bug 1201024
[String/UUID change made/needed]: none
Attachment #8665015 -
Flags: approval-mozilla-aurora?
Comment 4•9 years ago
|
||
Comment on attachment 8665015 [details] [diff] [review]
patch for aurora
Approved for uplift to aurora.
Attachment #8665015 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•9 years ago
|
status-firefox43:
--- → affected
tracking-firefox43:
--- → +
Updated•9 years ago
|
Keywords: dev-doc-needed,
site-compat
Assignee | ||
Comment 5•9 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment 6•9 years ago
|
||
Updated the site compatibility document: https://www.fxsitecompat.com/en-US/docs/2015/rc4-is-now-allowed-only-on-whitelisted-sites/
Comment 7•9 years ago
|
||
I've removed the notice in https://developer.mozilla.org/en-US/Firefox/Releases/43
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•