Closed
Bug 810671
Opened 11 years ago
Closed 11 years ago
Remove support for low/weak/null cipher suites
Categories
(SeaMonkey :: Security, defect)
SeaMonkey
Security
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: neil, Assigned: neil)
References
Details
Attachments
(1 file, 4 obsolete files)
22.66 KB,
patch
|
iannbugzilla
:
review+
philip.chee
:
feedback+
|
Details | Diff | Splinter Review |
Bug #799007 removed support for security levels.
Assignee | ||
Comment 1•11 years ago
|
||
D'oh, I copied all the CCs. Sorry for the spam.
Assignee | ||
Comment 2•11 years ago
|
||
Comment 3•11 years ago
|
||
We should also remove the Sync prefs that I introduced in bug 576970 and which got removed for FF through bug 799007 and bug 799009. [Feel free to merge into your patch; this is trivial enough that I don't require my name anywhere.]
Attachment #680484 -
Flags: review?(neil)
Assignee | ||
Comment 4•11 years ago
|
||
Comment on attachment 680484 [details] [diff] [review] remove Sync prefs You were thinking of bug 810673, but I want to put those prefs back anyway...
Attachment #680484 -
Flags: review?(neil) → review-
Assignee | ||
Comment 5•11 years ago
|
||
Oh, actually warn_entering_weak can be removed.
Assignee | ||
Comment 6•11 years ago
|
||
Also removed the warn_entering_weak prefs.
Attachment #680438 -
Attachment is obsolete: true
Attachment #680484 -
Attachment is obsolete: true
Attachment #680438 -
Flags: review?(philip.chee)
Attachment #680872 -
Flags: review?(philip.chee)
Comment 7•11 years ago
|
||
Comment on attachment 680872 [details] [diff] [review] Revised patch In the end, Help needs to be adapted, too.
Assignee | ||
Comment 8•11 years ago
|
||
Oh, and Page Info stuff too, sigh...
Assignee | ||
Comment 9•11 years ago
|
||
I don't know what, if anything, Firefox is doing with Page Info so I thought I'd play safe and fork the strings, this allowed me to tweak one of them too.
Attachment #680872 -
Attachment is obsolete: true
Attachment #680872 -
Flags: review?(philip.chee)
Attachment #681657 -
Flags: review?(iann_bugzilla)
Attachment #681657 -
Flags: feedback?(philip.chee)
![]() |
||
Comment 10•11 years ago
|
||
Comment on attachment 681657 [details] [diff] [review] Fixed patch > -pref("services.sync.prefs.sync.security.warn_entering_weak", true); Doesn't security.warn_entering_weak need to be removed from nsThunderbirdProfileMigrator.cpp as well? > +SiteNotVerified=Website Identity Not Verified > +WebSiteVerified=Website Identity Verified > +Identity_Verified=The website %S supports authentication for the page you are viewing. The identity of this website has been verified by %S, a certificate authority you trust for this purpose. > +ViewCertificate=View the security certificate that verifies this website's identity. Where are the above strings used? > +NoEncryption=Connection Not Encrypted > +Privacy_None1=The website %S does not support encryption for the page you are viewing. > +Privacy_None2=Information sent over the Internet without encryption can be seen by other people while it is in transit. > +Privacy_None3=The page you are viewing is not encrypted. > +# LOCALIZATION NOTE (pageInfo_StrongEncryptionWithBits): %1$S is the name of the encryption standard, Wrong L10n note. > +# %2$S is the key size of the cipher. > +EncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys) > +Privacy_Encryption1=The page you are viewing was encrypted before being transmitted over the Internet. > +Privacy_Encryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network. > +MixedContent=Connection Partially Encrypted > +Privacy_Mixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet. > -.urlbar-security-level[level="high"], > -.urlbar-security-level[level="low"] { > +.urlbar-security-level[level="high"] { > background-color: InfoBackground; > color: InfoText; [ comment: (classic) InfoBackground on my system is rgb(255, 255, 225) which isn't very noticable. ] Other than the above nits, stuff works as expected.
![]() |
||
Updated•11 years ago
|
Attachment #681657 -
Flags: feedback?(philip.chee)
Assignee | ||
Comment 11•11 years ago
|
||
It occurred to me that I should rename the "new" strings to be in line with the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they now all have a "security" prefix, since they are used on the Security tab.
Attachment #681657 -
Attachment is obsolete: true
Attachment #681657 -
Flags: review?(iann_bugzilla)
Attachment #682277 -
Flags: review?(iann_bugzilla)
Attachment #682277 -
Flags: feedback?(philip.chee)
![]() |
||
Comment 12•11 years ago
|
||
Comment on attachment 682277 [details] [diff] [review] Addressed review comments > It occurred to me that I should rename the "new" strings to be in line with > the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they > now all have a "security" prefix, since they are used on the Security tab. Good idea. f=me
Attachment #682277 -
Flags: feedback?(philip.chee) → feedback+
Comment 13•11 years ago
|
||
Comment on attachment 682277 [details] [diff] [review] Addressed review comments >+++ b/suite/locales/en-US/chrome/browser/pageInfo.properties >+securityNoEncryption=Connection Not Encrypted >+securityNone1=The website %S does not support encryption for the page you are viewing. >+securityNone2=Information sent over the Internet without encryption can be seen by other people while it is in transit. >+securityNone3=The page you are viewing is not encrypted. >+# LOCALIZATION NOTE (securityEncryptionWithBits): %1$S is the name of the encryption standard, >+# %2$S is the key size of the cipher. >+securityEncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys) >+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet. >+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network. Would it be better to say "Internet" rather than "network" here for consistency? >+securityMixedContent=Connection Partially Encrypted >+securityMixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet. r=me with that addressed.
Attachment #682277 -
Flags: review?(iann_bugzilla) → review+
Assignee | ||
Comment 14•11 years ago
|
||
(In reply to Ian Neal from comment #13) > (From update of attachment 682277 [details] [diff] [review]) > >+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet. > >+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network. > Would it be better to say "Internet" rather than "network" here for > consistency? At first I thought that it was repetitive but I notice that we repeat the term Internet for mixed content too, so it seems reasonable.
Assignee | ||
Comment 15•11 years ago
|
||
Pushed comm-central changeset 24ad7887d181.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•