1804460 - Add detailed connection info to WebRequests API and DevTools

Status: RESOLVED FIXED

(Core :: Security: PSM, enhancement, P1)

Description

[Dennis Jackson]

We should expose more information about how the connection was established, e.g.

• Did it use Encrypted Client Hello?
• Did it use DNS-over-HTTPS?
• Did it use Delegated Credentials?
• Did it use OCSP?

This information will be available to addons via getSecurityInfo and displayed in the security panel for DevTools connections.

Comment 1

[Dennis Jackson]

Attachment: WIP: Bug 1804460 - Add detailed connection info to DevTools Security Tab.

Comment 2

[Dennis Jackson]

Attachment: Bug 1804460 - Add detailed connection info to WebRequest GetSecurityInfo API. r=keeler

Comment 3

[btdmaster]

It would be very useful if, when ECH is enabled, the plaintext SNI and the encrypted SNI are displayed as well. (Since OUTER is sent in plaintext, it would be good to know what is encrypted inside the INNER payload.)

Comment 4

[William Durand [:willdurand]]

We'll need to update the MDN docs: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/SecurityInfo

Comment 5

[William Durand [:willdurand]]

Attachment: Bug 1804460 - Add a smoke test. r?robwu!

Depends on D164092

Comment 6

[Pulsebot]

Pushed by djackson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a6f38e27ecbf
Add detailed connection info to WebRequest GetSecurityInfo API. r=keeler,devtools-backward-compat-reviewers,willdurand
https://hg.mozilla.org/integration/autoland/rev/20e4e0b6a005
Add a smoke test. r=robwu,djackson

Comment 7

[Cristina Horotan [:chorotan]]

https://hg.mozilla.org/mozilla-central/rev/a6f38e27ecbf
https://hg.mozilla.org/mozilla-central/rev/20e4e0b6a005

Comment 8

[Dennis Jackson]

MDN PR Filed: 24455