Open Bug 610090 Opened 14 years ago Updated 2 years ago

User interface to "Block sites using unsecure TLS/SSL handshake"

Categories

(Firefox :: Settings UI, enhancement)

UNCONFIRMED

People

(Reporter: yangsita, Unassigned)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)
Build Identifier: Trunk

This is a request to provide a visible user interface for users in order to allow them easier management of security.ssl.require_safe_negotiation and security.ssl.renego_unrestricted_hosts settings.

This could be achieved by modifying the Security panel of the Options/Preferences window, adding a "Block sites using unsecure TLS/SSL handshake" option and an "Exceptions..." button (Image attached).

Adding these options to the user interface should increase the number of users that become aware of the CVE-2009-3555 vulnerability and the risks of allowing an unsecure handshake with a non-conformant RFC 5746 server.

A year has elapsed since the publication of the vulnerability; the vast majority of users are not aware of it, others do not fully understand the risks of allowing an unsecure TLS/SSL handshake, and others do not even know that about:config exists.

I firmly believe that implementing this request should increase user awareness of the existence of a security issue even if they do not understand the vulnerability at all.

This is _not_ a request to modify current default settings.

TIA


Reproducible: Always
UI is pretty much by definition not Core...
Component: Security → Preferences
Product: Core → Firefox
QA Contact: toolkit → preferences
Severity: normal → S3