Closed
Bug 184940
Opened 22 years ago
Closed 21 years ago
Enable additional SSL ciphers, add configuration UI
Categories
(Core Graveyard :: Security: UI, enhancement)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.4
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(5 files, 3 obsolete files)
36.29 KB,
image/jpeg
|
Details | |
50.16 KB,
image/jpeg
|
Details | |
58.01 KB,
image/jpeg
|
Details | |
16.63 KB,
image/jpeg
|
Details | |
72.23 KB,
patch
|
KaiE
:
review+
KaiE
:
superreview+
|
Details | Diff | Splinter Review |
The intention of this bug is to: - make Mozilla's SSL code use additional ciphers available in NSS - provide an appropriate UI to control which ciphers are enabled - enable additional new ciphers by default The dialog shown "Edit/Preferences/Privacy/SSL/Edit Ciphers" should get changed appropriately. (This bug was originally filed as bug 102633, and some historical information can be found there. However, because we are now using a different strategy for implementation, and given the fact the other bug is already long and complex, I've decided to use a fresh bug.)
Assignee | ||
Comment 1•22 years ago
|
||
*** Bug 102633 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•22 years ago
|
Target Milestone: --- → 2.4
Assignee | ||
Comment 2•22 years ago
|
||
Instead of the complex UI using scrolling checkboxes attempted in bug 102633, we would like to use a simple UI that avoid scrolling, but distributes the checkboxes on three panes in a tabbed dialog. The wording for the checkboxes (including for the new ciphers) has been cleaned up and optimized by Nelson. Thanks! I'm reusing some code from the the former patches in bug 102633. We provide the new ability to open a small detailed information dialog that provides more information about a cipher in a structured layout. Here is the list of new ciphers and the names of their preference strings, that will be ENABLED BY DEFAULT: security.ssl3.rsa_rc4_128_sha SSL_RSA_WITH_RC4_128_SHA security.ssl3.dhe_rsa_aes_256_sha TLS_DHE_RSA_WITH_AES_256_CBC_SHA security.ssl3.dhe_dss_aes_256_sha TLS_DHE_DSS_WITH_AES_256_CBC_SHA security.ssl3.rsa_aes_256_sha TLS_RSA_WITH_AES_256_CBC_SHA security.ssl3.dhe_rsa_aes_128_sha TLS_DHE_RSA_WITH_AES_128_CBC_SHA security.ssl3.dhe_dss_aes_128_sha TLS_DHE_DSS_WITH_AES_128_CBC_SHA security.ssl3.rsa_aes_128_sha TLS_RSA_WITH_AES_128_CBC_SHA security.ssl3.dhe_rsa_des_ede3_sha SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA security.ssl3.dhe_dss_des_ede3_sha SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA security.ssl3.dhe_rsa_des_sha SSL_DHE_RSA_WITH_DES_CBC_SHA security.ssl3.dhe_dss_des_sha SSL_DHE_DSS_WITH_DES_CBC_SHA For completenes, here is one new cipher that will be supported, but will be DISABLED by default: security.ssl3.rsa_null_sha SSL_RSA_WITH_NULL_SHA
Assignee | ||
Comment 3•22 years ago
|
||
Assignee | ||
Comment 4•22 years ago
|
||
Assignee | ||
Comment 5•22 years ago
|
||
Assignee | ||
Comment 6•22 years ago
|
||
Assignee | ||
Comment 7•22 years ago
|
||
Comment on attachment 109069 [details]
Screenshot 1/4
Marking obsolete, wrong content-type used...
Attachment #109069 -
Attachment is obsolete: true
Assignee | ||
Updated•22 years ago
|
Attachment #109070 -
Attachment is obsolete: true
Assignee | ||
Comment 8•22 years ago
|
||
Assignee | ||
Comment 9•22 years ago
|
||
Assignee | ||
Comment 10•22 years ago
|
||
Assignee | ||
Comment 11•22 years ago
|
||
Comment on attachment 109067 [details] [diff] [review] Patch v1 Javi, can you please review?
Attachment #109067 -
Flags: review?(javi)
Assignee | ||
Comment 12•22 years ago
|
||
*** Bug 144510 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 13•22 years ago
|
||
*** Bug 85788 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•22 years ago
|
Attachment #109069 -
Attachment is obsolete: false
Attachment #109069 -
Attachment is patch: false
Attachment #109069 -
Attachment mime type: text/plain → image/jpeg
Assignee | ||
Updated•22 years ago
|
Attachment #109070 -
Attachment is obsolete: false
Attachment #109070 -
Attachment is patch: false
Attachment #109070 -
Attachment mime type: text/plain → image/jpeg
Assignee | ||
Updated•22 years ago
|
Attachment #109074 -
Attachment is obsolete: true
Assignee | ||
Updated•22 years ago
|
Attachment #109075 -
Attachment is obsolete: true
Comment 14•22 years ago
|
||
Comment on attachment 109067 [details] [diff] [review] Patch v1 r=javi
Attachment #109067 -
Flags: review?(javi) → review+
Assignee | ||
Comment 15•22 years ago
|
||
Comment on attachment 109067 [details] [diff] [review] Patch v1 Jag, can you please review?
Attachment #109067 -
Flags: superreview?(jaggernaut)
Comment 16•22 years ago
|
||
Kai, Do you have a binary for Win2K you want me to test?
Assignee | ||
Comment 17•22 years ago
|
||
I have uploaded a win32 test build to: http://www.kuix.de/mozilla/mozilla-win32-184940.zip Just unzip and run bin/mozilla.exe md5sum: f407e14b4faf0222efcd1db2bf6209a8 *mozilla-win32-184940.zip
Assignee | ||
Comment 18•22 years ago
|
||
Sean looked at the screenshots, and asks, whether we should change "Ciphersuites" into "Cipher Suites". Nelson, do you have a preference? Sean suggests, we could leave the current wording "Ciphersuites" if it appears to be more common.
Comment 19•22 years ago
|
||
I used the term "ciphersuites" (no space) because that is the term defined in the SSL3 and TLS specifications. However, for localization purposes, I'm sure it will be less confusing if it's separated into two words.
Comment 20•22 years ago
|
||
The TLS RFC uses both "cipher suite" and "CipherSuite" (note the capitalization). I think the latter is the name of a type in the formal protocol specification. In plain English prose I think it is better to use the former.
Assignee | ||
Comment 21•22 years ago
|
||
Thanks for your comments. After the superreview, I will change it to "cipher suite".
Comment 22•22 years ago
|
||
Comment on attachment 109067 [details] [diff] [review] Patch v1 >Index: mozilla/security/manager/pki/resources/content/cipherinfo.js >=================================================================== >+ var info_name; >+ var info_encryption; >+ var info_authAlg; >+ var info_keyAlg; >+ var info_keySize; >+ var info_macAlg; >+ var info_fips; >+ var info_exportable; >+ >+ info_name = document.getElementById("name"); >+ info_encryption = document.getElementById("encryption"); >+ info_authAlg = document.getElementById("authAlg"); >+ info_keyAlg = document.getElementById("keyAlg"); >+ info_keySize = document.getElementById("keySize"); >+ info_macAlg = document.getElementById("macAlg"); >+ info_fips = document.getElementById("fips"); >+ info_exportable = document.getElementById("exportable"); This is a little odd, I'd merge these two blocks. >+ if (typeof(prefValue) == "string") prefValue = (prefValue == "true"); Split this into two lines. >Index: mozilla/security/manager/ssl/src/nsCipherInfo.cpp >=================================================================== >+nsCipherInfoService::nsCipherInfoService() >+{ >+ NS_INIT_ISUPPORTS(); NS_INIT_ISUPPORTS() is no longer needed (see its definition).
Attachment #109067 -
Flags: superreview?(jaggernaut) → superreview+
Assignee | ||
Comment 23•22 years ago
|
||
New patch with all requests addressed.
Attachment #109067 -
Attachment is obsolete: true
Assignee | ||
Comment 24•22 years ago
|
||
Comment on attachment 110829 [details] [diff] [review] Patch v2 carrying forward reviews
Attachment #110829 -
Flags: superreview+
Attachment #110829 -
Flags: review+
Assignee | ||
Comment 25•22 years ago
|
||
Updating summary to describe better what we are doing.
Summary: PSM should allow the user to enable/disable additional available ciphers → Enable additional SSL ciphers, add configuration UI
Assignee | ||
Comment 26•22 years ago
|
||
Checked in, marking fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 27•22 years ago
|
||
Reopening.
Assignee | ||
Comment 28•21 years ago
|
||
John, I think something must have gone wrong when you reopened the bug. You reopened without explaining why. I don't understand why you did. You added a dependency to unconfirmed bug 190160, but I don't see any relation. I'm removing the dependency and marking the bug fixed again.
Status: REOPENED → RESOLVED
Closed: 22 years ago → 21 years ago
No longer depends on: 190160
Resolution: --- → FIXED
Comment 29•21 years ago
|
||
Verified. I must not have had my coffee yet and thought I was on a different bug.
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•