Show TLS 1.0 and 1.1 sites as "degraded" (set the STATE_IS_BROKEN flag)
Categories
(Core :: Security: PSM, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: mt, Assigned: kjacobs)
References
Details
(Whiteboard: [psm-backlog])
Attachments
(1 file)
A user-visible indication that a site is not using TLS 1.2 might be the best way to signal to users and site owners that something is wrong.
Though this is perhaps overloading this with too much (it's used for passive mixed content also), I think that the best option is this:
This shouldn't be done too far ahead of our planned deprecation date or it loses some of its impact.
|
||
Comment 1•5 years ago
|
||
Dana, I actually think this belongs into Core, since we already support showing the mentioned icon whenever STATE_IS_BROKEN is set on the security state. That sounds like what we should do here in case of earlier TLS versions.
The displayed text would be this: https://searchfox.org/mozilla-central/rev/201450283cddc9e409cec707acb65ba6cf6037b1/browser/locales/en-US/chrome/browser/browser.dtd#816,821-822
Which seems kinda accurate?
What do you think?
Ohh, right - that's a reasonable approach.
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 3•5 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0ab201cfaf67 Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
Description
•