Closed Bug 1487279 Opened 1 year ago Closed 1 year ago
Pref and disable hello downgrade protection
46 bytes, text/x-phabricator-request
|Details | Review|
We have reason to believe that the version downgrade protections in TLS 1.3 are likely to cause problems in the short term. That is, there are some MitM boxes that do things like copy ServerHello.random. Inadvisable as that may be, we don't want to suddenly break all of those at the same time. What we want to do is break them progressively. All we need is a pref to disable the check (which NSS already has), then we turn the screws gradually using Normandy/Shield. This bug is just to get the pref in place.
Attachment #9005083 - Attachment description: Bug 1487279 - Pref to control TLS downgrade check, r?ekr → Bug 1487279 - Pref to control TLS downgrade check, r?keeler
Comment on attachment 9005083 [details] Bug 1487279 - Pref to control TLS downgrade check, r?keeler Dana Keeler [:keeler] (she/her) (use needinfo) has approved the revision.
Attachment #9005083 - Flags: review+
Priority: -- → P1
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/8cc7bb447779 Pref to control TLS downgrade check, r=keeler
You need to log in before you can comment on or make changes to this bug.