Closed
Bug 1355624
Opened 7 years ago
Closed 7 years ago
Require TLS 1.2 for Mercurial operations
Categories
(Firefox Build System :: Task Configuration, task)
Firefox Build System
Task Configuration
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla55
People
(Reporter: gps, Assigned: gps)
References
Details
Attachments
(1 file)
Patch and commit message explaining this to follow.
Assignee | ||
Updated•7 years ago
|
Summary: Require modern TLS for Mercurial operations → Require TLS 1.2 for Mercurial operations
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8857212 [details] Bug 1355624 - Make Mercurial require TLS 1.2+ connections; https://reviewboard.mozilla.org/r/129142/#review131660 ::: commit-message-abf14:22 (Diff revision 1) > +TLS 1.2+ for all https:// communications. For modern Python versions, > +this effectively prevents potential downgrade attacks to TLS 1.1 > +(connections before should have negotiated the use of TLS 1.2). > + > +I expect this change to break things. Finding and fixing automation > +that isn't capable of speaking TLS 1.1+ should be encouraged. It's hard to r+ a commit with this message! I assume testing in try is sufficient, or do you need to land and see what breaks?
Attachment #8857212 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 3•7 years ago
|
||
mozreview-review-reply |
Comment on attachment 8857212 [details] Bug 1355624 - Make Mercurial require TLS 1.2+ connections; https://reviewboard.mozilla.org/r/129142/#review131660 > It's hard to r+ a commit with this message! I assume testing in try is sufficient, or do you need to land and see what breaks? I would hope Try would catch most things. But we may need to just land and see what breaks in case there are random one-off tasks not captured as part of my Try push. Every failure does represent a potential security issue. So I say let's flush 'em out! FWIW, I expect most tasks that use this code to "just work." The troublemakers will be Windows, not-TC, and TC images not using install-mercurial.sh. Anyway, my Try push looks surprisingly green. So I'm going to land this and see what happens. I imagine a sheriff won't hesitate to back me out.
Pushed by gszorc@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/26b7053440a5 Make Mercurial require TLS 1.2+ connections; r=dustin
Comment 5•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/26b7053440a5
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Comment 6•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-aurora/rev/9bd10c7f6217
Comment 7•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-esr52/rev/154327e98878
Updated•6 years ago
|
Product: TaskCluster → Firefox Build System
You need to log in
before you can comment on or make changes to this bug.
Description
•