Closed
Bug 1496467
Opened 6 years ago
Closed 6 years ago
Enable Symantec Distrust in Firefox 64 Beta
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla64
People
(Reporter: wthayer, Assigned: jcj)
Details
(Keywords: site-compat)
Attachments
(1 file)
In bug 1460062, we defaulted "security.pki.distrust_ca_policy" pref to the value of 2 in Nightly, but prevented the change from riding into 63 Beta or Release. Now we want the change to remain in 64 Nightly and to be made in 64 Beta and Release when they ship. This should be documented in release notes.
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → jjones
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•6 years ago
|
||
The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release. Set security.pki.distrust_ca_policy to 2.
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/31e9bd2f1ef7 Enable Symantec Distrust in Firefox 64 r=keeler
Comment 3•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/31e9bd2f1ef7
Comment 4•6 years ago
|
||
Release Note Request (optional, but appreciated) [Why is this notable]: a chunk of TLS certificates get distrusted [Affects Firefox for Android]: yes [Suggested wording]: TLS certificates issued by the Symantec certificate authority are no longer trusted by Firefox [Links (documentation, blog post, etc)]: https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/ https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/ https://wiki.mozilla.org/CA:Symantec_Issues (happy to change the text, mostly just setting the flag so I get to this for 64.0beta)
relnote-firefox:
--- → ?
Comment 5•6 years ago
|
||
Added to 64beta relnotes: TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible, before Firefox 64 final release on December 11.
Comment 6•6 years ago
|
||
Updated the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2018/symantec-geotrust-rapidssl-thawte-verisign-certificates-will-all-be-distrusted-in-october-2018/
Keywords: site-compat
You need to log in
before you can comment on or make changes to this bug.
Description
•