Closed Bug 1641597 Opened 4 years ago Closed 4 years ago

Support TLS Deprecation by exposing `security.tls.version.enable-deprecated` in GV

Categories

(GeckoView :: General, enhancement, P1)

Product:
GeckoView
Component:
General
Version:
78 Branch
Platform:
Unspecified
All
Type:
enhancement

Tracking

(firefox80 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla80
Tracking Flags:
Tracking Status
firefox80 --- fixed

People

(Reporter: fluffyemily, Assigned: snorp)

Details

(Whiteboard: [geckoview:m79][geckoview:m80])

Attachments

(1 file)

Bug 1641597 - Add `document.allowDeprecatedTls` for error pages
47 bytes, text/x-phabricator-request
Details | Review

Mike Taylor:

We're going to disable "oldTLS" in Firefox 78. See [1] by Thyla in case
this is news to you. The way it looks now, we're going to ship 2 weeks
before Chrome and Edge do the same. In Desktop, if you hit an oldTLS
site, you get an error page, but have the option to click a single
button to get to the content. In Fenix, however, you're presented with a
sort of ambiguous message and a button that doesn't seem to work (see [2]).

I'm not really sure if this is a Fenix UI bug, or a GeckoView problem or
what. But my concern is that Fenix users will suddenly think the browser
is broken and hop over to Chrome Mobile (there will be a 2 week window
where Chrome works and Fenix doesn't).

Do you know who we can talk to about this?

[1] https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
[2] https://github.com/mozilla-mobile/fenix/issues/6296

Snorp response:

Yeah, this is...unfortunate. It looks like desktop has a button that flips "security.tls.version.enable-deprecated" in response to SSL_ERROR_UNSUPPORTED_VERSION or SSL_ERROR_PROTOCOL_VERSION_ALERT. Fenix does not have the ability to set a pref like that from their error pages, so that workaround isn't available. We would have to add some new facility and expose it in the error pages for Fenix to have a similar button. At a minimum, it looks like Fenix needs an update to their error pages so they can have appropriate text for those error codes.
Whiteboard: [geckoview:m79]
Severity: -- → S3
Priority: -- → P1
Assignee: nobody → snorp
Whiteboard: [geckoview:m79] → [geckoview:m79][geckoview:m80]
Pushed by jwillcox@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c8cc1be4ad27
Add `document.allowDeprecatedTls` for error pages r=geckoview-reviewers,NeilDeakin,smaug,esawin

https://hg.mozilla.org/mozilla-central/rev/c8cc1be4ad27

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox80: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: