1621732 - Create a policy to disable weak ciphers

Status: RESOLVED FIXED

(Firefox :: Enterprise Policies, enhancement, P3)

Description

[Mike Kaply [:mkaply]]

We should make it easy to disable weak ciphers.

See:

https://github.com/mozilla/policy-templates/issues/544

This should be a pretty simple policy. Maybe named "Ciphers" and booleans to enable/disable.

Comment 1

[Mike Kaply [:mkaply]]

Attachment: Bug 1621732 - Provide a policy to disable ciphers. r?jcj

Comment 2

[Pulsebot]

Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/3e60781a76f3
Provide a policy to disable ciphers. r=jcj,fluent-reviewers,flod

Comment 3

[Daniel Varga [:dvarga]]

https://hg.mozilla.org/mozilla-central/rev/3e60781a76f3

Comment 4

[Mike Kaply [:mkaply]]

Comment on attachment 9132675 [details]
Bug 1621732 - Provide a policy to disable ciphers. r?jcj

ESR Uplift Approval Request

• If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy update
• User impact if declined: Unable to disable ciphers via policy
• Fix Landed on Version: 76
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): Policy only, automated test.
• String or UUID changes made by this patch:

Comment 5

[Ryan VanderMeulen [:RyanVM]]

Comment on attachment 9132675 [details]
Bug 1621732 - Provide a policy to disable ciphers. r?jcj

New policy addition needed to maintain parity with release. Approved for 68.8esr.

Comment 6

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-esr68/rev/13700afb84c2