Closed Bug 1496467 Opened 2 years ago Closed 2 years ago
Enable Symantec Distrust in Firefox 64 Beta
46 bytes, text/x-phabricator-request
|Details | Review|
In bug 1460062, we defaulted "security.pki.distrust_ca_policy" pref to the value of 2 in Nightly, but prevented the change from riding into 63 Beta or Release. Now we want the change to remain in 64 Nightly and to be made in 64 Beta and Release when they ship. This should be documented in release notes.
Assignee: nobody → jjones
Status: NEW → ASSIGNED
The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release. Set security.pki.distrust_ca_policy to 2.
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/31e9bd2f1ef7 Enable Symantec Distrust in Firefox 64 r=keeler
Release Note Request (optional, but appreciated) [Why is this notable]: a chunk of TLS certificates get distrusted [Affects Firefox for Android]: yes [Suggested wording]: TLS certificates issued by the Symantec certificate authority are no longer trusted by Firefox [Links (documentation, blog post, etc)]: https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/ https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/ https://wiki.mozilla.org/CA:Symantec_Issues (happy to change the text, mostly just setting the flag so I get to this for 64.0beta)
Added to 64beta relnotes: TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible, before Firefox 64 final release on December 11.
Updated the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2018/symantec-geotrust-rapidssl-thawte-verisign-certificates-will-all-be-distrusted-in-october-2018/
You need to log in before you can comment on or make changes to this bug.