Ship TLS Certificate Compression in Release
Categories
(Core :: Security: PSM, enhancement, P2)
Tracking
()
People
(Reporter: anna.weine, Assigned: anna.weine)
References
(Depends on 1 open bug, )
Details
Attachments
(2 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-beta+
|
Details | Review |
As we are currently supporting certificate compression in Nightly and Beta, it's time to roll it out to Release.
See also:
certificate compression meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1548723
enable certificate compression decoders in Beta: https://bugzilla.mozilla.org/show_bug.cgi?id=1905910
|
Assignee | |
Updated•4 months ago
|
|
|
Assignee | |
Comment 2•1 month ago
|
||
Hi,
Currently we are checking that the implementation will benefit to our users (measuring the speed) without breaking any functionality. More specifically, as the certificate compression operates with the certificates that are verified before accessing the page, wrong implementation of the certificate compression on any step would lead to not being able to access certain sites.
In order to ensure that everything is going well, we are having a set of experiments. Until now we do not observe any breakages, so we hope to be able to enable the certificate compression in Release soon.
|
|
Assignee | |
Comment 3•28 days ago
|
||
|
|
Assignee | |
Comment 5•27 days ago
|
||
As discussed the last week during the NSS call, we plan
- to enable all the cert compression algorithms;
- uplift it to beta;
- start (now) the roll-out to release.
Original Revision: https://phabricator.services.mozilla.com/D224936
|
||
Updated•27 days ago
|
|
|
||
Comment 6•27 days ago
|
||
beta Uplift Approval Request
- User impact if declined: none
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: Not required
- Risk associated with taking this patch: low
- Explanation of risk level: the functionality is available in Nightly/Beta + we ran several experiments
- String changes made/needed: No
- Is Android affected?: yes
|
||
Comment 7•27 days ago
|
||
| bugherder | ||
|
|
||
Updated•26 days ago
|
|
||
Updated•26 days ago
|
|
|
Assignee | |
Comment 9•21 days ago
|
||
I will leave the bug opened until we successfully ship the code to Release.
|
|
Assignee | |
Updated•14 days ago
|
|
|
Assignee | |
Updated•14 days ago
|
|
|
Assignee | |
Comment 10•14 days ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]:
This feature reduces the size and increasing the speed of the TLS handshake.
[Affects Firefox for Android]: yes
[Suggested wording]: Added support for Certificate Compression TLS Extension.
[Links (documentation, blog post, etc)]:
https://datatracker.ietf.org/doc/html/rfc8879
|
|
Assignee | |
Updated•14 days ago
|
|
|
Assignee | |
Updated•14 days ago
|
|
|
Assignee | |
Comment 11•14 days ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]:
This feature reduces the size and increasing the speed of the TLS handshake.
[Affects Firefox for Android]: yes
[Suggested wording]: Added support for Certificate Compression TLS Extension.
[Links (documentation, blog post, etc)]:
https://datatracker.ietf.org/doc/html/rfc8879
|
|
Assignee | |
Comment 13•13 days ago
|
||
Thanks!
Description
•