Ship TLS Certificate Compression in Release
Categories
(Core :: Security: PSM, enhancement, P2)
Tracking
()
People
(Reporter: anna.weine, Assigned: anna.weine)
References
(Depends on 1 open bug, )
Details
Attachments
(2 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-beta+
|
Details | Review |
As we are currently supporting certificate compression in Nightly and Beta, it's time to roll it out to Release.
See also:
certificate compression meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1548723
enable certificate compression decoders in Beta: https://bugzilla.mozilla.org/show_bug.cgi?id=1905910
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 2•1 year ago
|
||
Hi,
Currently we are checking that the implementation will benefit to our users (measuring the speed) without breaking any functionality. More specifically, as the certificate compression operates with the certificates that are verified before accessing the page, wrong implementation of the certificate compression on any step would lead to not being able to access certain sites.
In order to ensure that everything is going well, we are having a set of experiments. Until now we do not observe any breakages, so we hope to be able to enable the certificate compression in Release soon.
|
|
Assignee | |
Comment 3•1 year ago
|
||
|
|
Assignee | |
Comment 5•1 year ago
|
||
As discussed the last week during the NSS call, we plan
- to enable all the cert compression algorithms;
- uplift it to beta;
- start (now) the roll-out to release.
Original Revision: https://phabricator.services.mozilla.com/D224936
|
||
Updated•1 year ago
|
|
|
||
Comment 6•1 year ago
|
||
beta Uplift Approval Request
- User impact if declined: none
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: Not required
- Risk associated with taking this patch: low
- Explanation of risk level: the functionality is available in Nightly/Beta + we ran several experiments
- String changes made/needed: No
- Is Android affected?: yes
|
||
Comment 7•1 year ago
|
||
| bugherder | ||
|
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 9•1 year ago
|
||
I will leave the bug opened until we successfully ship the code to Release.
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 10•1 year ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]:
This feature reduces the size and increasing the speed of the TLS handshake.
[Affects Firefox for Android]: yes
[Suggested wording]: Added support for Certificate Compression TLS Extension.
[Links (documentation, blog post, etc)]:
https://datatracker.ietf.org/doc/html/rfc8879
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 11•1 year ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]:
This feature reduces the size and increasing the speed of the TLS handshake.
[Affects Firefox for Android]: yes
[Suggested wording]: Added support for Certificate Compression TLS Extension.
[Links (documentation, blog post, etc)]:
https://datatracker.ietf.org/doc/html/rfc8879
|
|
Assignee | |
Comment 13•1 year ago
|
||
Thanks!
|
||
Comment 14•1 year ago
|
||
Anna, should the 'Milestone' be set to 132 in this bug?
|
||
Comment 15•1 year ago
•
|
||
This landed on central when it was tracking 133 and uplifted to Beta for 132. The Milestone and status flags correctly reflect that.
Description
•