Enable Symantec Distrust in Firefox 64 Beta

RESOLVED FIXED in Firefox 64

Status

()

P1
normal
RESOLVED FIXED
5 months ago
4 months ago

People

(Reporter: wayne, Assigned: jcj)

Tracking

({site-compat})

unspecified
mozilla64
site-compat
Points:
---

Firefox Tracking Flags

(relnote-firefox 64+, firefox64 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

5 months ago
In bug 1460062, we defaulted "security.pki.distrust_ca_policy" pref to the value of 2 in Nightly, but prevented the change from riding into 63 Beta or Release. Now we want the change to remain in 64 Nightly and to be made in 64 Beta and Release when they ship.

This should be documented in release notes.
(Assignee)

Updated

5 months ago
Assignee: nobody → jjones
Status: NEW → ASSIGNED
(Assignee)

Comment 1

5 months ago
Created attachment 9014465 [details]
Bug 1496467 - Enable Symantec Distrust in Firefox 64 r?keeler

The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release.
Set security.pki.distrust_ca_policy to 2.

Comment 2

5 months ago
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/31e9bd2f1ef7
Enable Symantec Distrust in Firefox 64 r=keeler

Comment 3

5 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/31e9bd2f1ef7
Status: ASSIGNED → RESOLVED
Last Resolved: 5 months ago
status-firefox64: --- → fixed
Resolution: --- → FIXED
Release Note Request (optional, but appreciated)
[Why is this notable]: a chunk of TLS certificates get distrusted
[Affects Firefox for Android]: yes
[Suggested wording]: TLS certificates issued by the Symantec certificate authority are no longer trusted by Firefox
[Links (documentation, blog post, etc)]:
https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/
https://wiki.mozilla.org/CA:Symantec_Issues

(happy to change the text, mostly just setting the flag so I get to this for 64.0beta)
relnote-firefox: --- → ?
Added to 64beta relnotes:
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible, before Firefox 64 final release on December 11.
relnote-firefox: ? → 64+
You need to log in before you can comment on or make changes to this bug.