Closed Bug 711334 Opened 8 years ago Closed 8 years ago

Be explicit that TLS version is 1.0

Categories

(SeaMonkey :: Preferences, enhancement)

enhancement
Not set

Tracking

(Not tracked)

RESOLVED FIXED
seamonkey2.10

People

(Reporter: sgautherie, Assigned: InvisibleSmiley)

References

()

Details

Attachments

(1 file)

Edit > Preferences... > Privacy & Security > SSL

Firefox UI:
<https://support.mozilla.com/en-US/kb/Options window - Advanced panel#w_encryption-tab>
Blocks: 711335
Non broken url: <https://support.mozilla.com/en-US/kb/Options%20window%20-%20Advanced%20panel#w_encryption-tab>

<https://support.mozilla.com/media/uploads/gallery/images/2011-06-01-08-16-38-ce7b6a.png>

q.v. 1.18 <jwalden@mit.edu> 2006-06-17 00:47
Bug 340677 - update preferences panels (add anti-phishing, rationalize categories, simplify wording). This patch is the first, preliminary patch which adds (hopefully) all the strings which will be needed, while simultaneously removing none of the existing strings. (Note to localizers: see the localization notes in the changed files, which delimit where I believe new strings end and old, to-be-removed strings start.) verbal r+a=mconnor
Whiteboard: [good first bug]
This should take care of it, including Help. If I get r+ here I'll mark bug 711335 as a dupe of this one. I'm just not sure about the following:

"I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are enabled..."

I think we should only change Help in that regard if we're *sure* that this applies.
Assignee: nobody → jh
Status: NEW → ASSIGNED
Attachment #582310 - Flags: review?(iann_bugzilla)
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]

Review of attachment 582310 [details] [diff] [review]:
-----------------------------------------------------------------

::: suite/locales/en-US/chrome/common/help/ssl_help.xhtml
@@ +52,3 @@
>  
>  <ul>
> +  <li><strong>Enable SSL 3.0</strong>: Allows newer web servers to work

SSL 3.0 only servers are now considered "older".

@@ +55,2 @@
>      with the browser.</li>
> +  <li><strong>Enable TLS 1.0</strong>: Allows web servers that support TLS to

You might add "newer" here, fwiw.

::: suite/locales/en-US/chrome/common/pref/pref-ssl.dtd
@@ +43,5 @@
>  <!ENTITY pref.ssl.title                     "Secure Sockets Layer (SSL)">
> +<!ENTITY enable.ssl30                       "Enable SSL 3.0">
> +<!ENTITY enable.ssl30.accesskey             "3">
> +<!ENTITY enable.tls10                       "Enable TLS 1.0">
> +<!ENTITY enable.tls10.accesskey             "T">

Firefox has
96 <!ENTITY useSSL3.label                   "Use SSL 3.0">
97 <!ENTITY useSSL3.accesskey               "3">
98 <!ENTITY useTLS1.label                   "Use TLS 1.0">
99 <!ENTITY useTLS1.accesskey               "1">

Same ids would help mxr searches...
'.label' is more explicit, though that doesn't seem used (in this file)...
'Use' instead of 'Enable', though maybe a little less precise, should be acceptable too...
(And all this could help localizers too.)

::: suite/security/prefs/pref-ssl.xul
@@ +79,5 @@
>        <caption label="&SSLProtocolVersions.caption;"/>
>  
>        <vbox flex="1" align="start">
> +        <checkbox id="enableSSL30"
> +                  label="&enable.ssl30;"

353                     <checkbox id="useSSL3" label="&useSSL3.label;"

@@ +85,3 @@
>                    preference="security.enable_ssl3"/>
> +        <checkbox id="enableTLS10"
> +                  label="&enable.tls10;"

358                     <checkbox id="useTLS1" label="&useTLS1.label;"
(In reply to Jens Hatlak (:InvisibleSmiley) from comment #2)
> I'm just not sure about the following:
> 
> "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are
> enabled..."
> 
> I think we should only change Help in that regard if we're *sure* that this
> applies.

I agree. I guess this could be investigated in (morphed) bug 711335.
Currently, the two checkboxes are independent which seems to imply the two protocols are too.
If TLS 1.0 indeed imply/include SSL 3.0 too, UI should be made more explicit.
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]

>+  <li><strong>Enable SSL 3.0</strong>: Allows newer web servers to work
>     with the browser.</li>
>+  <li><strong>Enable TLS 1.0</strong>: Allows web servers that support TLS to
>+    take advantage of it.</li>
As Serge suggested TLS 1.0 is newer than SSL 3.0, so maybe the first one should be:
>+  <li><strong>Enable SSL 3.0</strong>: Allows web servers that support SSL 3.0
      to work with the browser.</li>
With the second one being:
>+  <li><strong>Enable TLS 1.0</strong>: Allows newer web servers that support
      TLS 1.0 to take advantage of it.</li>

>+++ b/suite/locales/en-US/chrome/common/pref/pref-ssl.dtd
>+<!ENTITY enable.ssl30                       "Enable SSL 3.0">
>+<!ENTITY enable.ssl30.accesskey             "3">
>+<!ENTITY enable.tls10                       "Enable TLS 1.0">
>+<!ENTITY enable.tls10.accesskey             "T">
I would prefer the use of .label for these new entities.

As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both are enabled...", please check with someone who knows that part of the SSL code (I believe one of kaie or bsmith or mayhemer)

r+ once those points are addressed.
Attachment #582310 - Flags: review?(iann_bugzilla) → review+
(In reply to Ian Neal from comment #5)
> As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both
> are enabled...", please check with someone who knows that part of the SSL
> code (I believe one of kaie or bsmith or mayhemer)

Already done in bug 711335 ;-)
Comment on attachment 582310 [details] [diff] [review]
patch [Checkin: Comment 7]

http://hg.mozilla.org/comm-central/rev/c1704e94d670

(In reply to Ian Neal from comment #5)
> I would prefer the use of .label for these new entities.

Well, now it's inconsistent with the rest of the DTD file, but hey, I'll do almost anything to get this bug off my back. If only I were allowed to make changes without caring about blame...

> As far as "I assume fallback from TLS (1.0) to SSL 3.0 happens only if both
> are enabled...", please check with someone who knows that part of the SSL
> code (I believe one of kaie or bsmith or mayhemer)

kaie clarified on bug 711335 that the prefs are independent, so I added " (if enabled)" after "If that connection fails because the server is TLS intolerant, the browser will fall back to using SSL 3.0".
Attachment #582310 - Attachment description: patch → patch [Checkin: Comment 7]
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.10
Flags: in-testsuite-
Whiteboard: [good first bug]
You need to log in before you can comment on or make changes to this bug.