Closed
Bug 711334
Opened 13 years ago
Closed 13 years ago
Be explicit that TLS version is 1.0
Categories
(SeaMonkey :: Preferences, enhancement)
SeaMonkey
Preferences
Tracking
(Not tracked)
RESOLVED
FIXED
seamonkey2.10
People
(Reporter: sgautherie, Assigned: InvisibleSmiley)
References
()
Details
Attachments
(1 file)
|
5.09 KB,
patch
|
iannbugzilla
:
review+
|
Details | Diff | Splinter Review |
Edit > Preferences... > Privacy & Security > SSL
Firefox UI:
<https://support.mozilla.com/en-US/kb/Options window - Advanced panel#w_encryption-tab>
|
||
Comment 1•13 years ago
|
||
Non broken url: <https://support.mozilla.com/en-US/kb/Options%20window%20-%20Advanced%20panel#w_encryption-tab>
<https://support.mozilla.com/media/uploads/gallery/images/2011-06-01-08-16-38-ce7b6a.png>
q.v. 1.18 <jwalden@mit.edu> 2006-06-17 00:47
Bug 340677 - update preferences panels (add anti-phishing, rationalize categories, simplify wording). This patch is the first, preliminary patch which adds (hopefully) all the strings which will be needed, while simultaneously removing none of the existing strings. (Note to localizers: see the localization notes in the changed files, which delimit where I believe new strings end and old, to-be-removed strings start.) verbal r+a=mconnor
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [good first bug]
|
Assignee | |
Comment 2•13 years ago
|
||
This should take care of it, including Help. If I get r+ here I'll mark bug 711335 as a dupe of this one. I'm just not sure about the following:
"I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are enabled..."
I think we should only change Help in that regard if we're *sure* that this applies.
|
|
Reporter | |
Comment 3•13 years ago
|
||
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]
Review of attachment 582310 [details] [diff] [review]:
-----------------------------------------------------------------
::: suite/locales/en-US/chrome/common/help/ssl_help.xhtml
@@ +52,3 @@
>
> <ul>
> + <li><strong>Enable SSL 3.0</strong>: Allows newer web servers to work
SSL 3.0 only servers are now considered "older".
@@ +55,2 @@
> with the browser.</li>
> + <li><strong>Enable TLS 1.0</strong>: Allows web servers that support TLS to
You might add "newer" here, fwiw.
::: suite/locales/en-US/chrome/common/pref/pref-ssl.dtd
@@ +43,5 @@
> <!ENTITY pref.ssl.title "Secure Sockets Layer (SSL)">
> +<!ENTITY enable.ssl30 "Enable SSL 3.0">
> +<!ENTITY enable.ssl30.accesskey "3">
> +<!ENTITY enable.tls10 "Enable TLS 1.0">
> +<!ENTITY enable.tls10.accesskey "T">
Firefox has
96 <!ENTITY useSSL3.label "Use SSL 3.0">
97 <!ENTITY useSSL3.accesskey "3">
98 <!ENTITY useTLS1.label "Use TLS 1.0">
99 <!ENTITY useTLS1.accesskey "1">
Same ids would help mxr searches...
'.label' is more explicit, though that doesn't seem used (in this file)...
'Use' instead of 'Enable', though maybe a little less precise, should be acceptable too...
(And all this could help localizers too.)
::: suite/security/prefs/pref-ssl.xul
@@ +79,5 @@
> <caption label="&SSLProtocolVersions.caption;"/>
>
> <vbox flex="1" align="start">
> + <checkbox id="enableSSL30"
> + label="&enable.ssl30;"
353 <checkbox id="useSSL3" label="&useSSL3.label;"
@@ +85,3 @@
> preference="security.enable_ssl3"/>
> + <checkbox id="enableTLS10"
> + label="&enable.tls10;"
358 <checkbox id="useTLS1" label="&useTLS1.label;"
|
|
Reporter | |
Comment 4•13 years ago
|
||
(In reply to Jens Hatlak (:InvisibleSmiley) from comment #2)
> I'm just not sure about the following:
>
> "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are
> enabled..."
>
> I think we should only change Help in that regard if we're *sure* that this
> applies.
I agree. I guess this could be investigated in (morphed) bug 711335.
Currently, the two checkboxes are independent which seems to imply the two protocols are too.
If TLS 1.0 indeed imply/include SSL 3.0 too, UI should be made more explicit.
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]
>+ <li><strong>Enable SSL 3.0</strong>: Allows newer web servers to work
> with the browser.</li>
>+ <li><strong>Enable TLS 1.0</strong>: Allows web servers that support TLS to
>+ take advantage of it.</li>
As Serge suggested TLS 1.0 is newer than SSL 3.0, so maybe the first one should be:
>+ <li><strong>Enable SSL 3.0</strong>: Allows web servers that support SSL 3.0
to work with the browser.</li>
With the second one being:
>+ <li><strong>Enable TLS 1.0</strong>: Allows newer web servers that support
TLS 1.0 to take advantage of it.</li>
>+++ b/suite/locales/en-US/chrome/common/pref/pref-ssl.dtd
>+<!ENTITY enable.ssl30 "Enable SSL 3.0">
>+<!ENTITY enable.ssl30.accesskey "3">
>+<!ENTITY enable.tls10 "Enable TLS 1.0">
>+<!ENTITY enable.tls10.accesskey "T">
I would prefer the use of .label for these new entities.
As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are enabled...", please check with someone who knows that part of the SSL code (I believe one of kaie or bsmith or mayhemer)
r+ once those points are addressed.
Attachment #582310 -
Flags: review?(iann_bugzilla) → review+
|
|
Reporter | |
Comment 6•13 years ago
|
||
(In reply to Ian Neal from comment #5)
> As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both
> are enabled...", please check with someone who knows that part of the SSL
> code (I believe one of kaie or bsmith or mayhemer)
Already done in bug 711335 ;-)
|
|
Assignee | |
Comment 7•13 years ago
|
||
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]
http://hg.mozilla.org/comm-central/rev/c1704e94d670
(In reply to Ian Neal from comment #5)
> I would prefer the use of .label for these new entities.
Well, now it's inconsistent with the rest of the DTD file, but hey, I'll do almost anything to get this bug off my back. If only I were allowed to make changes without caring about blame...
> As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both
> are enabled...", please check with someone who knows that part of the SSL
> code (I believe one of kaie or bsmith or mayhemer)
kaie clarified on bug 711335 that the prefs are independent, so I added " (if enabled)" after "If that connection fails because the server is TLS intolerant, the browser will fall back to using SSL 3.0".
Attachment #582310 -
Attachment description: patch → patch [Checkin: Comment 7]
|
|
Assignee | |
Updated•13 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.10
|
|
Reporter | |
Updated•13 years ago
|
Flags: in-testsuite-
Whiteboard: [good first bug]
You need to log in
before you can comment on or make changes to this bug.
Description
•