Closed Bug 810671 Opened 11 years ago Closed 11 years ago

Remove support for low/weak/null cipher suites

Categories

(SeaMonkey :: Security, defect)

Product:
SeaMonkey
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: neil, Assigned: neil)

References

Details

Attachments

(1 file, 4 obsolete files)

Addressed review comments
22.66 KB, patch
iannbugzilla
: review+
philip.chee
: feedback+
Details | Diff | Splinter Review 
Bug #799007 removed support for security levels.
D'oh, I copied all the CCs. Sorry for the spam.
Attached patch Proposed patch (obsolete) — Splinter Review 
Assignee: nobody → neil
Status: NEW → ASSIGNED

        Attachment #680438 -
        Flags: review?(philip.chee)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        remove Sync prefs (obsolete)
        — Splinter Review
      

    


  
We should also remove the Sync prefs that I introduced in bug 576970 and which got removed for FF through bug 799007 and bug 799009. [Feel free to merge into your patch; this is trivial enough that I don't require my name anywhere.]

        Attachment #680484 -
        Flags: review?(neil)

    
    

    
  
Comment on attachment 680484 [details] [diff] [review]
remove Sync prefs

You were thinking of bug 810673, but I want to put those prefs back anyway...

        Attachment #680484 -
        Flags: review?(neil) → review-

    
    

    
  
Oh, actually warn_entering_weak can be removed.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Revised patch (obsolete)
        — Splinter Review
      

    


  
Also removed the warn_entering_weak prefs.

        Attachment #680438 -
        Attachment is obsolete: true

        Attachment #680484 -
        Attachment is obsolete: true

        Attachment #680438 -
        Flags: review?(philip.chee)

        Attachment #680872 -
        Flags: review?(philip.chee)

    
    

    
  
Comment on attachment 680872 [details] [diff] [review]
Revised patch

In the end, Help needs to be adapted, too.

    
    

    
  
Oh, and Page Info stuff too, sigh...

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Fixed patch (obsolete)
        — Splinter Review
      

    


  
I don't know what, if anything, Firefox is doing with Page Info so I thought I'd play safe and fork the strings, this allowed me to tweak one of them too.

        Attachment #680872 -
        Attachment is obsolete: true

        Attachment #680872 -
        Flags: review?(philip.chee)

        Attachment #681657 -
        Flags: review?(iann_bugzilla)

        Attachment #681657 -
        Flags: feedback?(philip.chee)

    
    

    
  
Comment on attachment 681657 [details] [diff] [review]
Fixed patch

> -pref("services.sync.prefs.sync.security.warn_entering_weak", true);
Doesn't security.warn_entering_weak need to be removed from nsThunderbirdProfileMigrator.cpp as well?

> +SiteNotVerified=Website Identity Not Verified
> +WebSiteVerified=Website Identity Verified
> +Identity_Verified=The website %S supports authentication for the page you are viewing. The identity of this website has been verified by %S, a certificate authority you trust for this purpose.
> +ViewCertificate=View the security certificate that verifies this website's identity.
Where are the above strings used?

> +NoEncryption=Connection Not Encrypted
> +Privacy_None1=The website %S does not support encryption for the page you are viewing.
> +Privacy_None2=Information sent over the Internet without encryption can be seen by other people while it is in transit. 
> +Privacy_None3=The page you are viewing is not encrypted.
> +# LOCALIZATION NOTE (pageInfo_StrongEncryptionWithBits): %1$S is the name of the encryption standard,
Wrong L10n note.

> +# %2$S is the key size of the cipher.
> +EncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys)
> +Privacy_Encryption1=The page you are viewing was encrypted before being transmitted over the Internet.
> +Privacy_Encryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
> +MixedContent=Connection Partially Encrypted
> +Privacy_Mixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.

> -.urlbar-security-level[level="high"],
> -.urlbar-security-level[level="low"] {
> +.urlbar-security-level[level="high"] {
>    background-color: InfoBackground;
>    color: InfoText;

[ comment: (classic) InfoBackground on my system is rgb(255, 255, 225) which isn't very noticable. ]

Other than the above nits, stuff works as expected.

    
  

        Attachment #681657 -
        Flags: feedback?(philip.chee)

    
    

    
  


  
It occurred to me that I should rename the "new" strings to be in line with the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they now all have a "security" prefix, since they are used on the Security tab.

        Attachment #681657 -
        Attachment is obsolete: true

        Attachment #681657 -
        Flags: review?(iann_bugzilla)

        Attachment #682277 -
        Flags: review?(iann_bugzilla)

        Attachment #682277 -
        Flags: feedback?(philip.chee)

    
    

    
  
Comment on attachment 682277 [details] [diff] [review]
Addressed review comments

> It occurred to me that I should rename the "new" strings to be in line with
> the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they
> now all have a "security" prefix, since they are used on the Security tab.
Good idea.

f=me

        Attachment #682277 -
        Flags: feedback?(philip.chee) → feedback+

    
    

    
  
Comment on attachment 682277 [details] [diff] [review]
Addressed review comments

>+++ b/suite/locales/en-US/chrome/browser/pageInfo.properties

>+securityNoEncryption=Connection Not Encrypted
>+securityNone1=The website %S does not support encryption for the page you are viewing.
>+securityNone2=Information sent over the Internet without encryption can be seen by other people while it is in transit. 
>+securityNone3=The page you are viewing is not encrypted.
>+# LOCALIZATION NOTE (securityEncryptionWithBits): %1$S is the name of the encryption standard,
>+# %2$S is the key size of the cipher.
>+securityEncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys)
>+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet.
>+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
Would it be better to say "Internet" rather than "network" here for consistency?
>+securityMixedContent=Connection Partially Encrypted
>+securityMixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.

r=me with that addressed.

        Attachment #682277 -
        Flags: review?(iann_bugzilla) → review+

    
    

    
  
(In reply to Ian Neal from comment #13)
> (From update of attachment 682277 [details] [diff] [review])
> >+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet.
> >+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
> Would it be better to say "Internet" rather than "network" here for
> consistency?
At first I thought that it was repetitive but I notice that we repeat the term Internet for mixed content too, so it seems reasonable.

    
    

    
  
Pushed comm-central changeset 24ad7887d181.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.