Closed
Bug 1332964
Opened 7 years ago
Closed 7 years ago
Verify readiness of infra to handle HTTPS only traffic to hg.mozilla.org
Categories
(Release Engineering :: Release Automation: Other, defect)
Release Engineering
Release Automation: Other
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: hwine, Unassigned)
References
Details
RelEng needs to verify that no problems will be caused when hg.mozilla.org is switched to HTTPS only. The current concerns are about: - older tooling supporting SNI properly, and - older tooling supporting cipher suites that will be used. - older tooling that may need config changes to avoid new error messages regarding certificates. (i.e. apply steps from bug 1147548 comment 12)
Comment 1•7 years ago
|
||
Error messages like this may appear from older mercurial clients due to Mercurial recommending the use of TLSv1.[12] over 1.0: Jan 23 04:00:04 buildbot-master91.bb.releng.usw2.mozilla.com maybe_reconfig.sh: warning: connecting to hg.mozilla.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
Comment 2•7 years ago
|
||
Just checked papertrail for that mercurial warning, and it's only buildbotmaster\d+.bb.releng.{region} that are generating it, so it may not be worth the effort of updating if they're Going Away Soon.
Reporter | ||
Comment 3•7 years ago
|
||
Per email with :gps, confirmed that: - SNI is not a concern for hg.mozilla.org - no change in existing cipher suites will be made at this time - It is not a blocker, but use of TLS 1.0 is not a good thing (see comment 1 and comment 2) We have that concern mitigated by explicit specification of the known good certificate's fingerprint in the relevant .hgrc files. With all that taken care of, there is nothing to do prior to the change.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•