Closed Bug 1522182 Opened 5 years ago Closed 5 years ago

Add policies for minimum and maximum TLS

Categories

(Firefox :: Enterprise Policies, enhancement, P1)

Product:
Firefox
Component:
Enterprise Policies
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 66
Tracking Flags:
Tracking Status
firefox-esr60 --- verified
firefox66 --- verified
firefox67 --- verified

People

(Reporter: mkaply, Assigned: mkaply)

References

Details

Attachments

(1 file)

Bug 1522182 - Add policies for SSL version max/min
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-esr60+
Details | Review

We need policies for min/max TLS to be consistent Chrome and for the DOD STIG.

Priority: -- → P1
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/f83934422518
Add policies for SSL version max/min r=Felipe

https://hg.mozilla.org/mozilla-central/rev/f83934422518

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 66
Depends on: 1523160
Depends on: 1523669

Comment on attachment 9038850 [details]
Bug 1522182 - Add policies for SSL version max/min

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy only change.
  • User impact if declined: Policy not available for SSL.
  • Fix Landed on Version: 66
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only. Has automated test.
  • String or UUID changes made by this patch: String change in the other bug is NOT needed for ESR.
Attachment #9038850 - Flags: approval-mozilla-esr60?

Comment on attachment 9038850 [details]
Bug 1522182 - Add policies for SSL version max/min

Adds a new SSL version policy needed for parity with Fx66. Approved for 60.6esr.

Attachment #9038850 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Flags: qe-verify+

I managed to verify the policies for Max and Min TLS values on Firefox 60.5.3esr, Firefox 66.0b13 and on Firefox 67.0a1 (2019-03-05).
Tests were performed under Windows 10x64, Ubuntu 16.04x64 and under macOS 10.12.6.
The TLS values are correctly displayed and locked in about:config and the correct value is displayed in about:policies(not available on ESR build).
I've also performed some tests using websites with higher or lower TLS values than added in policies.json file, and the correct behavior was encountered.
Marking this issues Verified Fixed.

Status: RESOLVED → VERIFIED
status-firefox66: fixedverified
status-firefox67: --- → verified
status-firefox-esr60: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: