Closed Bug 1496467 Opened 2 years ago Closed 2 years ago

Enable Symantec Distrust in Firefox 64 Beta

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla64
Tracking Status
relnote-firefox --- 64+
firefox64 --- fixed

People

(Reporter: wthayer, Assigned: jcj)

Details

(Keywords: site-compat)

Attachments

(1 file)

In bug 1460062, we defaulted "security.pki.distrust_ca_policy" pref to the value of 2 in Nightly, but prevented the change from riding into 63 Beta or Release. Now we want the change to remain in 64 Nightly and to be made in 64 Beta and Release when they ship.

This should be documented in release notes.
Assignee: nobody → jjones
Status: NEW → ASSIGNED
The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release.
Set security.pki.distrust_ca_policy to 2.
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/31e9bd2f1ef7
Enable Symantec Distrust in Firefox 64 r=keeler
https://hg.mozilla.org/mozilla-central/rev/31e9bd2f1ef7
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Release Note Request (optional, but appreciated)
[Why is this notable]: a chunk of TLS certificates get distrusted
[Affects Firefox for Android]: yes
[Suggested wording]: TLS certificates issued by the Symantec certificate authority are no longer trusted by Firefox
[Links (documentation, blog post, etc)]:
https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/
https://wiki.mozilla.org/CA:Symantec_Issues

(happy to change the text, mostly just setting the flag so I get to this for 64.0beta)
relnote-firefox: --- → ?
Added to 64beta relnotes:
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible, before Firefox 64 final release on December 11.
You need to log in before you can comment on or make changes to this bug.