Closed
Bug 1414752
Opened 7 years ago
Closed 2 years ago
Add options to allow old SSLv3, old cyphers and override HSTS in unbranded builds or developer edition
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mstanke, Unassigned)
References
Details
This request we have got as a feedback during OpenAlt conference this weekend from two attendees independently. They wanted these to access old websystem consoles for maintenance and for UI testing with self-signed certificates.
Reporter | ||
Comment 1•7 years ago
|
||
I understand this should not be in release or beta, but the unbranded builds or developer edition might have an about:config preference to enable some of these.
Reporter | ||
Updated•7 years ago
|
Component: Untriaged → Security
Comment 2•7 years ago
|
||
status-firefox59:
--- → ?
Updated•2 years ago
|
Severity: normal → S3
Updated•2 years ago
|
Component: Security → Security: PSM
Product: Firefox → Core
![]() |
||
Comment 3•2 years ago
|
||
It is not possible to enable SSLv3 in Firefox, and we're not going to support being able to do so. HSTS can be disabled by setting network.stricttransportsecurity.preloadlist
to false
in about:config and clearing the cache using Clear Recent History
-> Cache
.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
Updated•2 years ago
|
See Also: → hsts-bypass
You need to log in
before you can comment on or make changes to this bug.
Description
•