Closed
Bug 1443303
Opened 6 years ago
Closed 6 years ago
www.m.o serves sha1 from apparently a staging instance
Categories
(www.mozilla.org :: Bedrock, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: mtabara, Unassigned)
References
Details
I was accidentally glancing at view-source:https://www.mozilla.org/en-US/firefox/new/?scene=2 and saw the following: <li><a href="https://download-sha1.allizom.org/?product=firefox-stub&os=win&lang=en-US" class="download-link button button-green" data-link-type="download" data-download-version="winsha1" Which sounds a lot like we're serving content from a staging instance. Given that it's sha1 stuff on win32, this might actually be expected behavior but just thought I'd escalate this. Also, the download-sha1.mozilla.org doesn't resolve either so I'm thinking there's a bug somewhere.
Comment 1•6 years ago
|
||
This is indeed expected behavior. This is for old windows operating systems and browsers that don't support newer TLS certs. When we did this the best cert we had to use was for *.allizom.org and we could no longer get a new one for mozilla.org. I'm looking for the bug where all of this happened, but I'm quite sure that this is all as expected. We expect to be able remove it all in the coming months as all of these certs expire and pre-SP2 Win XP support is dropped.
Comment 2•6 years ago
|
||
see https://bugzilla.mozilla.org/show_bug.cgi?id=1304538#c13 Thanks for the report regardless. Always good to have people looking out for things on the site.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 3•6 years ago
|
||
Thanks for the explanation, makes perfect sense now!
You need to log in
before you can comment on or make changes to this bug.
Description
•