Closed
Bug 643894
Opened 14 years ago
Closed 11 years ago
Insecure TLS version rollback is not disabled for HSTS sites
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 901695
People
(Reporter: briansmith, Unassigned)
References
Details
When HSTS is enabled for a site, we should not do the insecure fallback from TLS 1.x to SSL 3.x/2.x in nsSSLThread::checkHandshake.
Reporter | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•