Add policies for minimum and maximum TLS

VERIFIED FIXED in Firefox -esr60

Status

enhancement
P1
normal
VERIFIED FIXED
3 months ago
2 months ago

People

(Reporter: mkaply, Assigned: mkaply)

Tracking

unspecified
Firefox 66
Points:
---

Firefox Tracking Flags

(firefox-esr60 verified, firefox66 verified, firefox67 verified)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 months ago

We need policies for min/max TLS to be consistent with Chrome and for the DOD STIG.

(Assignee)

Updated

3 months ago
Priority: -- → P1

Comment 2

3 months ago
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/f83934422518
Add policies for SSL version max/min r=Felipe

Comment 3

3 months ago
bugherder
Status: ASSIGNED → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 66

Updated

3 months ago
Depends on: 1523160

Updated

3 months ago
Depends on: 1523669

Updated

3 months ago
Duplicate of this bug: 1525252

(Assignee)

Comment 5

2 months ago

Comment on attachment 9038850 [details]
Bug 1522182 - Add policies for SSL version max/min

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy only change.
  • User impact if declined: Policy not available for SSL.
  • Fix Landed on Version: 66
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only. Has automated test.
  • String or UUID changes made by this patch: String change in the other bug is NOT needed for ESR.
Attachment #9038850 - Flags: approval-mozilla-esr60?

Comment on attachment 9038850 [details]
Bug 1522182 - Add policies for SSL version max/min

Adds a new SSL version policy needed for parity with Fx66. Approved for 60.6esr.

Attachment #9038850 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Flags: qe-verify+

I managed to verify the policies for Max and Min TLS values on Firefox 60.5.3esr, Firefox 66.0b13 and on Firefox 67.0a1 (2019-03-05).
Tests were performed under Windows 10 x64, Ubuntu 16.04 x64 and under macOS 10.12.6.
The TLS values are correctly displayed and locked in about:config and the correct value is displayed in about:policies (not available on ESR build).
I've also performed some tests using websites with higher or lower TLS values than added in the policies.json file, and the correct behavior was encountered.
Marking this issue Verified Fixed.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
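
A pre-deployment check for the policies verified above, as an added example that is not code from this bug or its patch. It assumes the policy names `SSLVersionMin` and `SSLVersionMax` and their mapping to `security.tls.version.min`/`security.tls.version.max` as given in Firefox's enterprise policy documentation (neither is spelled out on this page); the `tls1.2` floor, the function name and both sample policies are constructed for illustration.

```python
import json

# Policy string -> integer Firefox locks into security.tls.version.min/max
# (mapping taken from Firefox's policy documentation, not from this bug page).
TLS_PREF_VALUE = {"tls1": 1, "tls1.1": 2, "tls1.2": 3, "tls1.3": 4}


def audit_tls_policy(policies_json, floor="tls1.2"):
    """Return (locked_prefs, findings) for the text of a policies.json file.

    `floor` is an assumed organisational minimum, not a value from the bug.
    """
    policies = json.loads(policies_json).get("policies", {})
    prefs, findings = {}, []
    for name, pref in (("SSLVersionMin", "security.tls.version.min"),
                       ("SSLVersionMax", "security.tls.version.max")):
        value = policies.get(name)
        if value is None:
            findings.append(f"{name} not set: {pref} is not locked by policy")
        elif value not in TLS_PREF_VALUE:
            findings.append(f"{name} has unrecognised value {value!r}")
        else:
            prefs[pref] = TLS_PREF_VALUE[value]
    lo = prefs.get("security.tls.version.min")
    hi = prefs.get("security.tls.version.max")
    if lo is not None and lo < TLS_PREF_VALUE[floor]:
        findings.append(f"minimum is below the required floor {floor}")
    if lo is not None and hi is not None and lo > hi:
        findings.append("minimum is higher than maximum")
    return prefs, findings


# Constructed sample policies: a weak one and a hardened one.
WEAK = '{"policies": {"SSLVersionMin": "tls1", "SSLVersionMax": "tls1.1"}}'
HARDENED = '{"policies": {"SSLVersionMin": "tls1.2", "SSLVersionMax": "tls1.3"}}'

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_tls_policy(doc))
```

The returned pref values are what should appear, locked, in about:config after the policy is applied.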