Closed Bug 1355144 Opened 5 years ago Closed 5 years ago

Disable TLS 1.3 for Firefox 53 release

Categories

(Core :: Security: PSM, defect)

38 Branch
defect
Not set
normal

Tracking

VERIFIED FIXED
Tracking Status
firefox53 --- verified

People

(Reporter: ekr, Assigned: ekr)

Attachments

(1 file, 1 obsolete file)

TLS 1.3 is on in Firefox Beta, but we want it off in release pending verification.

See bug 1342082 for the corresponding 52 uplift.
Attached patch Disable TLS 1.3 for FF52 Release (obsolete) — Splinter Review
Attachment #8856584 - Attachment is obsolete: true
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

https://reviewboard.mozilla.org/r/128556/#review130968
Attachment #8856602 - Flags: review?(dkeeler) → review+
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

This is for approval on 53-release candidate, not on 52.

Approval Request Comment
[Feature/Bug causing the regression]: bug 1310516 enabled TLS 1.3 by default
[User impact if declined]: interoperability concerns, iiuc
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: no - this is for 53 only
[Needs manual test from QE? If yes, steps to reproduce]: no, but you could test by going to https://www.cloudflare.com/, opening the page info dialog, going to the security tab, and checking that under "Technical Details" it says TLS 1.2 and not TLS 1.3
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: it just changes the default to a previously-known good value
[String changes made/needed]: none

Try push at: https://treeherder.mozilla.org/#/jobs?repo=try&revision=bbed84e3004e05d9faaddf3dc38081d7c86ac17d&selectedJob=90194954
Attachment #8856602 - Flags: approval-mozilla-release?
Liz, per our discussion today. I'll mark this a? once Keeler has r+ed.
Tracking for 53 - last minute change that we need in the RC.  

I'd like this to land on m-r today, after the beta to release merge is done, and before the RC build.
Flags: needinfo?(wkocher)
Flags: needinfo?(ryanvm)
https://hg.mozilla.org/releases/mozilla-release/rev/213b1f8f240974b34ebd46021df3423e2b20a434
Assignee: nobody → ekr
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(wkocher)
Flags: needinfo?(ryanvm)
Resolution: --- → FIXED
(In reply to Eric Rescorla (:ekr) from comment #4)
> [Is this code covered by automated tests?]: yes
> [Has the fix been verified in Nightly?]: no - this is for 53 only
> [Needs manual test from QE? If yes, steps to reproduce]: no, but you could
> test by going to https://www.cloudflare.com/, opening the page info dialog,
> going to the security tab, and checking that under "Technical Details" it
> says TLS 1.2 and not TLS 1.3

Let's make sure this works as intended on 53.0-build1, just to be safe.
Flags: qe-verify+
Build ID: 20170410140322
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0

Verified as fixed on Firefox RC 53.0 on Windows 10 x64, Windows 7 x64, Mac OS X 10.12 and Ubuntu 16.04 x64.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

This landed on m-b before the merge, so is fixed in 53. Clearing the approval flag for m-r.
Attachment #8856602 - Flags: approval-mozilla-release? → approval-mozilla-release-
OK that's fine too :)
Oh, except I got it exactly backwards and it landed on m-r just after the merge. Right, thanks ryan. The crucial thing is that it landed and is in the RC build...