Disable TLS 1.3 for Firefox 53 release

VERIFIED FIXED

Status

()

VERIFIED FIXED
2 years ago
2 years ago

People

(Reporter: ekr, Assigned: ekr)

Tracking

38 Branch
Points:
---

Firefox Tracking Flags

(firefox53 verified)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

2 years ago
TLS 1.3 is on in Firefox Beta, but we want it off in release pending verification.

See bug 1342082 for the corresponding 52 uplift.
(Assignee)

Comment 1

2 years ago
Created attachment 8856584 [details] [diff] [review]
Disable TLS 1.3 for FF52 Release
Comment hidden (mozreview-request)
(Assignee)

Updated

2 years ago
Attachment #8856584 - Attachment is obsolete: true
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

https://reviewboard.mozilla.org/r/128556/#review130968
Attachment #8856602 - Flags: review?(dkeeler) → review+
(Assignee)

Comment 4

2 years ago
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

This is for approval on 53-release candidate, not on 52.

Approval Request Comment
[Feature/Bug causing the regression]: bug 1310516 enabled TLS 1.3 by default
[User impact if declined]: interoperability concerns, iiuc
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: no - this is for 53 only
[Needs manual test from QE? If yes, steps to reproduce]: no, but you could test by going to https://www.cloudflare.com/, opening the page info dialog, going to the security tab, and checking that under "Technical Details" it says TLS 1.2 and not TLS 1.3
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: it just changes the default to a previously-known good value
[String changes made/needed]: none

Try push at: 
https://treeherder.mozilla.org/#/jobs?repo=try&revision=bbed84e3004e05d9faaddf3dc38081d7c86ac17d&selectedJob=90194954
Attachment #8856602 - Flags: approval-mozilla-release?
(Assignee)

Comment 5

2 years ago
Liz, per our discussion today. I'll mark this a? once Keeler has r+ed.
Tracking for 53 - last minute change that we need in the RC.  

I'd like this to land on m-r today, after the beta to release merge is done, and before the RC build.
status-firefox53: --- → affected
tracking-firefox53: --- → blocking
Flags: needinfo?(wkocher)
Flags: needinfo?(ryanvm)

Comment 7

2 years ago
uplift
https://hg.mozilla.org/releases/mozilla-release/rev/213b1f8f240974b34ebd46021df3423e2b20a434
Assignee: nobody → ekr
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox53: affected → fixed
Flags: needinfo?(wkocher)
Flags: needinfo?(ryanvm)
Resolution: --- → FIXED
(In reply to Eric Rescorla (:ekr) from comment #4)
> [Is this code covered by automated tests?]: yes
> [Has the fix been verified in Nightly?]: no - this is for 53 only
> [Needs manual test from QE? If yes, steps to reproduce]: no, but you could
> test by going to https://www.cloudflare.com/, opening the page info dialog,
> going to the security tab, and checking that under "Technical Details" it
> says TLS 1.2 and not TLS 1.3

Let's make sure this works as intended on 53.0-build1, just to be safe.
Flags: qe-verify+
Build ID: 20170410140322
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0

Verified as fixed on Firefox RC 53.0 on Windows 10 x64, Windows 7 x64, Mac OS X 10.12 and Ubuntu 16.04 x64.
Status: RESOLVED → VERIFIED
status-firefox53: fixed → verified
tracking-firefox53: blocking → ---
Flags: qe-verify+
Comment on attachment 8856602 [details]
Bug 1355144 - Disable TLS 1.3 for FF53 Release.

This landed on m-b before the merge, so is fixed in 53. Clearing the approval flag for m-r.
Attachment #8856602 - Flags: approval-mozilla-release? → approval-mozilla-release-
(Assignee)

Comment 11

2 years ago
OK that's fine too :)
Oh, except I got it exactly backwards and it landed on m-r just after the merge. Right, thanks ryan. The crucial thing is that it landed and is in the RC build...
You need to log in before you can comment on or make changes to this bug.