Offer to re-enable TLS 1.0 on SSL_ERROR_PROTOCOL_VERSION_ALERT
Categories
(Firefox :: Security, defect, P1)
Tracking
Release | Tracking | Status |
---|---|---|
firefox70 | --- | unaffected |
firefox71 | --- | wontfix |
firefox72 | --- | fixed |
People
(Reporter: mt, Assigned: mt)
Attachments
(1 file)
When disabling TLS 1.0, we (temporarily) offer the option to re-enable it. This UI is currently only triggered by the SSL_ERROR_UNSUPPORTED_VERSION error code. The belief was that this was the only valid error code.
As it happens, a small number of sites generate a protocol_version alert. This is only possible if they recognize the supported_versions extension defined in TLS 1.3. So these servers support TLS 1.3, but disable TLS 1.2 and TLS 1.3. That's odd, and a bad idea, but it does happen.
At least these sites are keeping their TLS stacks up to date, even if the configuration is out of date. An offer to re-enable TLS 1.0 in that case is probably a good idea.
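
The two failure shapes described in the report above, as an added example that is not part of the bug report and is not Firefox or NSS code: a server either answers the ClientHello with a ServerHello selecting a version the client has disabled, or it sends a fatal protocol_version alert (alert description 70). The function names and sample records are hypothetical and constructed for illustration; the mapping of the ServerHello case to SSL_ERROR_UNSUPPORTED_VERSION is an assumption, and only pre-TLS 1.3 ServerHello messages are handled.

```javascript
// Added illustration; all names here are hypothetical, not Firefox/NSS APIs.
const CONTENT_ALERT = 21;          // TLS record type: alert
const CONTENT_HANDSHAKE = 22;      // TLS record type: handshake
const HS_SERVER_HELLO = 2;         // handshake message type
const ALERT_PROTOCOL_VERSION = 70; // alert description: protocol_version

// Error codes for which the "re-enable TLS 1.0" offer is shown after this change.
const OFFER_ERRORS = new Set([
  "SSL_ERROR_UNSUPPORTED_VERSION",
  "SSL_ERROR_PROTOCOL_VERSION_ALERT",
]);

// Classify the first record a server sends in reply to a ClientHello.
// clientMin/clientMax: the client's enabled version range as wire values.
function classifyFirstRecord(bytes, clientMin, clientMax) {
  if (bytes.length < 5) return { kind: "truncated" };
  const type = bytes[0];
  const len = (bytes[3] << 8) | bytes[4];
  const body = bytes.subarray(5, 5 + len);
  if (body.length < len) return { kind: "truncated" };
  if (type === CONTENT_ALERT && len === 2) {
    // Alert body: level(1) description(1)
    const description = body[1];
    const error = description === ALERT_PROTOCOL_VERSION
      ? "SSL_ERROR_PROTOCOL_VERSION_ALERT" : null;
    return { kind: "alert", description, error };
  }
  if (type === CONTENT_HANDSHAKE && len >= 6 && body[0] === HS_SERVER_HELLO) {
    // ServerHello: msg_type(1) length(3) version(2) ...
    const version = (body[4] << 8) | body[5];
    const outOfRange = version < clientMin || version > clientMax;
    // Assumption: the client reports this case as SSL_ERROR_UNSUPPORTED_VERSION.
    return { kind: "server_hello", version,
             error: outOfRange ? "SSL_ERROR_UNSUPPORTED_VERSION" : null };
  }
  return { kind: "other" };
}

function shouldOfferTls10(result) {
  return OFFER_ERRORS.has(result.error);
}

// Constructed sample records (not captured traffic).
const SAMPLE_PV_ALERT = new Uint8Array([21, 3, 3, 0, 2, 2, 70]);          // fatal protocol_version
const SAMPLE_HS_FAILURE = new Uint8Array([21, 3, 3, 0, 2, 2, 40]);        // fatal handshake_failure
const SAMPLE_HELLO_TLS10 = new Uint8Array([22, 3, 1, 0, 6, 2, 0, 0, 2, 3, 1]); // cut after version
```

With a client range of TLS 1.2 to TLS 1.3 (`0x0303` to `0x0304`), the first and third samples lead to the offer and the handshake_failure alert does not.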
Comment 1•6 years ago (Assignee)
As it turns out, there are some sites that generate this error. It's a small number, but enough to justify the change.
No new tests because we can't generate this condition in our test setup.
Comment 2•6 years ago (Assignee)
Note that this doesn't affect Beta or Release in any meaningful way because the underlying pref is not set in Beta (yet).
Comment 3•6 years ago
(In reply to Martin Thomson [:mt:] from comment #2)
> Note that this doesn't affect Beta or Release in any meaningful way because the underlying pref is not set in Beta (yet).
Will it be set via uplift/normandy, though? In that case I think uplift to beta would be painless...
Comment 5•6 years ago
Backed out for failures on browser_aboutNetError.js
backout: https://hg.mozilla.org/integration/autoland/rev/4540a5373bb817c8d256b224016677dddd60546c
push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=54ca07441fded359a05aae6c22d9077e45303029&searchStr=browser-chrome&group_state=expanded&selectedJob=272890094
failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=272890094&repo=autoland&lineNumber=1176
[task 2019-10-25T02:09:35.804Z] 02:09:35 INFO - TEST-START | browser/base/content/test/about/browser_aboutNetError.js
[task 2019-10-25T02:09:36.135Z] 02:09:36 INFO - TEST-INFO | started process screencapture
[task 2019-10-25T02:09:36.249Z] 02:09:36 INFO - TEST-INFO | screencapture: exit 0
[task 2019-10-25T02:09:36.249Z] 02:09:36 INFO - Buffered messages logged at 02:09:35
[task 2019-10-25T02:09:36.249Z] 02:09:36 INFO - Entering test bound resetToDefaultConfig
[task 2019-10-25T02:09:36.249Z] 02:09:36 INFO - Change TLS config to cause page load to fail, check that reset button is shown and that it works
[task 2019-10-25T02:09:36.249Z] 02:09:36 INFO - Buffered messages logged at 02:09:36
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - Loading and waiting for the net error
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - TEST-PASS | browser/base/content/test/about/browser_aboutNetError.js | Should be showing error page - true == true -
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - Buffered messages finished
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/about/browser_aboutNetError.js | prefResetButton should be visible - false == true -
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - Stack trace:
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - resource://testing-common/content-task.js line 110 > eval:null:11
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - resource://testing-common/content-task.js:null:111
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - Not taking screenshot here: see the one that was previously logged
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/about/browser_aboutNetError.js | prefResetButton has autofocus - null == "true" -
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - Stack trace:
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - resource://testing-common/content-task.js line 110 > eval:null:15
[task 2019-10-25T02:09:36.250Z] 02:09:36 INFO - resource://testing-common/content-task.js:null:111
[task 2019-10-25T02:09:36.251Z] 02:09:36 INFO - Waiting for the TLS 1.2 page to load after the click
[task 2019-10-25T02:09:42.261Z] 02:09:42 INFO - GECKO(1707) | 2019-10-25 02:09:42.234 firefox[1707:10329] Persistent UI failed to open file file:///Users/cltbld/Library/Saved%20Application%20State/org.mozilla.nightly.savedState/window_1.data: No such file or directory (2)
[task 2019-10-25T02:10:20.970Z] 02:10:20 INFO - Not taking screenshot here: see the one that was previously logged
[task 2019-10-25T02:10:20.970Z] 02:10:20 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/about/browser_aboutNetError.js | Test timed out -
[task 2019-10-25T02:10:20.970Z] 02:10:20 INFO - GECKO(1707) | MEMORY STAT | vsize 7633MB | residentFast 327MB | heapAllocated 99MB
[task 2019-10-25T02:10:20.970Z] 02:10:20 INFO - TEST-OK | browser/base/content/test/about/browser_aboutNetError.js | took 45168ms
[task 2019-10-25T02:10:20.970Z] 02:10:20 INFO - Not taking screenshot here: see the one that was previously logged
[task 2019-10-25T02:10:20.971Z] 02:10:20 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/about/browser_aboutNetError.js | Found a tab after previous test timed out: https://tls12.example.com/ -
Comment 6•6 years ago (Assignee)
Well, that was a big mistake on my part. Those tests needed a complete rewrite for this change. I have a fix, but it will need a second pair of eyes.
Comment 8•6 years ago (bugherder)