Closed Bug 1414752 Opened 7 years ago Closed 2 years ago

Add options to allow old SSLv3, old cyphers and override HSTS in unbranded builds or developer edition

Categories

(Core :: Security: PSM, enhancement)

58 Branch
enhancement

Tracking

()

RESOLVED WONTFIX
Tracking Status
firefox58 --- affected
firefox59 --- ?

People

(Reporter: mstanke, Unassigned)

References

Details

This request we have got as a feedback during OpenAlt conference this weekend from two attendees independently. They wanted these to access old websystem consoles for maintenance and for UI testing with self-signed certificates.
I understand this should not be in release or beta, but the unbranded builds or developer edition might have an about:config preference to enable some of these.
Component: Untriaged → Security
Severity: normal → S3
Component: Security → Security: PSM
Product: Firefox → Core

It is not possible to enable SSLv3 in Firefox, and we're not going to support being able to do so. HSTS can be disabled by setting network.stricttransportsecurity.preloadlist to false in about:config and clearing the cache using Clear Recent History -> Cache.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
See Also: → hsts-bypass
You need to log in before you can comment on or make changes to this bug.