Closed
Bug 1268728
Opened 8 years ago
Closed 8 years ago
Remove ability to enable RC4
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla50
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | fixed |
People
(Reporter: emk, Assigned: emk)
References
Details
(Keywords: dev-doc-complete, site-compat, Whiteboard: [psm-assigned])
Attachments
(2 files, 1 obsolete file)
|
19.87 KB,
patch
|
emk
:
review+
|
Details | Diff | Splinter Review |
|
9.71 KB,
patch
|
emk
:
review+
|
Details | Diff | Splinter Review |
Chrome 53 will remove a Group Policy setting to re-enable RC4. The expected release date of Chrome 53 is earlier than Firefox 49. I left some dead code in case we have to backout the change. Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=2a6f842b701a
Attachment #8746864 -
Flags: review?(dkeeler)
Comment on attachment 8746864 [details] [diff] [review] rm_rc4_pref Review of attachment 8746864 [details] [diff] [review]: ----------------------------------------------------------------- This looks good, but I think we should delay this until 50. Also, what's the Chrome bug on removing the group policy? ::: security/manager/ssl/nsNSSComponent.cpp @@ -1112,5 @@ > - TLS_RSA_WITH_RC4_128_SHA, true, true }, // deprecated (RSA key exchange, RC4) > - { "security.ssl3.rsa_rc4_128_md5", > - TLS_RSA_WITH_RC4_128_MD5, true, true }, // deprecated (RSA key exchange, RC4, HMAC-MD5) > - > - // All the rest are disabled by default nit: let's keep this comment
Attachment #8746864 -
Flags: review?(dkeeler) → review+
|
Assignee | |
Comment 2•8 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #1) > This looks good, but I think we should delay this until 50. OK. > Also, what's the > Chrome bug on removing the group policy? Chrome already embedded the supported version range when they landed RC4-deprecate patch: https://chromium.googlesource.com/chromium/src.git/+/14b1a53362ffb727e02bdf27e24e93c5f9b2d423%5E!/#F3 Their infrastructure will automatically kill the "RC4Enabled" policy when the Chromium version goes beyond 52. No explicit removal patch is needed. > ::: security/manager/ssl/nsNSSComponent.cpp > > - // All the rest are disabled by default > > nit: let's keep this comment I didn't restore the "by default" part because there is no way to enable unlisted cipher suites.
Attachment #8746864 -
Attachment is obsolete: true
Attachment #8747958 -
Flags: review+
|
|
Assignee | |
Updated•8 years ago
|
Target Milestone: --- → mozilla50
Version: 46 Branch → unspecified
Assignee: nobody → VYV03354
Whiteboard: [psm-assigned]
Blocks: 1165421
Blocks: 1130670
|
|
Assignee | |
Comment 3•8 years ago
|
||
I stopped to remove test_weak_crypto.js because bug 1113974 will reuse it very soon.
Attachment #8760678 -
Flags: review+
|
|
Assignee | |
Comment 4•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7ff7fb82704e
|
|
Assignee | |
Comment 5•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/7afaa7546076f20c447c87e352a9953101977647 Bug 1268728 - Remove ability to enable RC4. r=keeler
|
||
Comment 6•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7afaa7546076
|
||
Comment 7•8 years ago
|
||
Posted the site compatibility doc, since I've seen some users on SUMO who are confused with this change: https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/
Keywords: dev-doc-needed,
site-compat
|
||
Comment 8•7 years ago
|
||
Noted on Firefox 50 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•