Open
Bug 610090
Opened 14 years ago
Updated 2 years ago
User interface to "Block sites using unsecure TLS/SSL handshake"
Categories
(Firefox :: Settings UI, enhancement)
Firefox
Settings UI
Tracking
()
UNCONFIRMED
People
(Reporter: yangsita, Unassigned)
Details
Attachments
(1 file)
47.19 KB,
image/jpeg
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729) Build Identifier: Trunk This is a request to provide a visible user interface for users in order to allow them easier management of security.ssl.require_safe_negotiation and security.ssl.renego_unrestricted_hosts settings. This could be achieved modifying the Security panel of the OptionsPreferences window, adding a "Block sites using unsecure TLS/SSL handshake" option and an "Exceptions..." button (Image attached). Adding this options to the user interface should increase the number of users that become aware of the CVE-2009-3555 vulnerability and the risks of allowing an unsecure handshake with a non-conformant RFC 5746 server. A year has elapsed since the publication of the vulnerability, vast majority of users are not aware of it, others do not fully understand the risks of allowing an unsecure TLS/SSL handshake and others do not even know that about:config exists. I firmly believe that implementing this request should increase the user awareness of the existance of a security issue even if they do not understand the vulnerability at all. This is _not_ a request to modify current default settings. TIA Reproducible: Always
Comment 1•14 years ago
|
||
UI is pretty much by definition not Core...
Component: Security → Preferences
Product: Core → Firefox
QA Contact: toolkit → preferences
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•