Closed Bug 634499 Opened 13 years ago Closed 9 years ago

Pref to disable all automatic downgrades based on spoofable connection failures

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1083058

People

(Reporter: matt, Unassigned)

Details

Currently, if PSM fails to make a TLS 1.0 connection, it will automatically retry with a ClientHello offering only SSL 3.0.  This negates any security benefits TLS 1.0 might have against a MITM attacker, since the attacker can just force PSM to downgrade to SSL 3.0.

Please provide a hidden preference to disable the automatic downgrade to an SSL 3.0 ClientHello while maintaining the ability to negotiate SSL 3.0 with version-tolerant servers.  An exception list like "security.ssl.renego_unrestricted_hosts" would be great.  If more automatic downgrades that can be triggered by a MITM are added to PSM in the future (e.g., bug 587407), they should also respect this preference.
Bug 1083058 added a pref that does this at a global level.

(In reply to Matt McCutchen from comment #0)
> An exception list like
> "security.ssl.renego_unrestricted_hosts" would be great.
One was added in Bug 1114816.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.