Closed Bug 1644528 Opened 4 months ago Closed 3 months ago

Allow cipher policy to enable ciphers

Categories

(Firefox :: Enterprise Policies, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 79
Tracking Status
firefox-esr68 79+ fixed
firefox-esr78 78+ fixed
firefox77 --- wontfix
firefox78 --- fixed
firefox79 --- fixed

People

(Reporter: mkaply, Assigned: mkaply)

References

Details

Attachments

(2 files, 2 obsolete files)

When I originally envisioned the cipher policy, it was only to allow folks to turn them off

There might be cases where we turned things off an enterprise needs something on for some reason.

So we should allow for this.

Attachment #9156435 - Attachment is obsolete: true
Attachment #9156439 - Attachment is obsolete: true

Seems like this would be useful in ESR 78. It's getting late, but could still make b9 if it were requested immediately

See Also: → 1496639
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/96cb8930adee
Allow DisabledCiphers policy to enable ciphers. r=keeler

Comment on attachment 9155413 [details]
Bug 1644528 - Allow DisabledCiphers policy to enable ciphers. r?keeler

Beta/Release Uplift Approval Request

  • User impact if declined: Enterprises unable to reenable ciphers that we disable.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only.
  • String changes made/needed:
Attachment #9155413 - Flags: approval-mozilla-beta?
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 79

Comment on attachment 9155413 [details]
Bug 1644528 - Allow DisabledCiphers policy to enable ciphers. r?keeler

approved for 78.0b9

Attachment #9155413 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attached patch Patch for ESR 68Splinter Review

[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy only, parity with 78
User impact if declined: Policy for 68 doesn't match 78
Fix Landed on Version: 78
Risk to taking this patch (and alternatives if risky): Low

See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.

I realize this is late and if it doesn't make it until next ESR, I understand, but this allows for us to have one policy that works for 78 and 68/

Attachment #9158347 - Flags: approval-mozilla-esr68?

This missed the 68.10esr build unfortunately, but we can still uplift it for the 68.11esr build shipping alongside Fx79/78.1esr.

Comment on attachment 9158347 [details] [diff] [review]
Patch for ESR 68

Approved for 68.11esr.
Attachment #9158347 - Flags: approval-mozilla-esr68? → approval-mozilla-esr68+
You need to log in before you can comment on or make changes to this bug.