Closed Bug 810671 Opened 8 years ago Closed 8 years ago

Remove support for low/weak/null cipher suites

Categories

(SeaMonkey :: Security, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: neil, Assigned: neil)

Attachments

(1 file, 4 obsolete files)

Bug #799007 removed support for security levels.
D'oh, I copied all the CCs. Sorry for the spam.
Attached patch Proposed patch (obsolete)
Assignee: nobody → neil
Status: NEW → ASSIGNED
Attachment #680438 - Flags: review?(philip.chee)
Attached patch remove Sync prefs (obsolete)
We should also remove the Sync prefs that I introduced in bug 576970 and which got removed for FF through bug 799007 and bug 799009. [Feel free to merge into your patch; this is trivial enough that I don't require my name anywhere.]
Attachment #680484 - Flags: review?(neil)
Comment on attachment 680484
remove Sync prefs

You were thinking of bug 810673, but I want to put those prefs back anyway...
Attachment #680484 - Flags: review?(neil) → review-
Oh, actually warn_entering_weak can be removed.
Attached patch Revised patch (obsolete)
Also removed the warn_entering_weak prefs.
Attachment #680438 - Attachment is obsolete: true
Attachment #680484 - Attachment is obsolete: true
Attachment #680438 - Flags: review?(philip.chee)
Attachment #680872 - Flags: review?(philip.chee)
Comment on attachment 680872
Revised patch

In the end, Help needs to be adapted, too.
Oh, and Page Info stuff too, sigh...
Attached patch Fixed patch (obsolete)
I don't know what, if anything, Firefox is doing with Page Info, so I thought I'd play safe and fork the strings; this allowed me to tweak one of them too.
Attachment #680872 - Attachment is obsolete: true
Attachment #680872 - Flags: review?(philip.chee)
Attachment #681657 - Flags: review?(iann_bugzilla)
Attachment #681657 - Flags: feedback?(philip.chee)
Comment on attachment 681657
Fixed patch

> -pref("services.sync.prefs.sync.security.warn_entering_weak", true);
Doesn't security.warn_entering_weak need to be removed from nsThunderbirdProfileMigrator.cpp as well?

> +SiteNotVerified=Website Identity Not Verified
> +WebSiteVerified=Website Identity Verified
> +Identity_Verified=The website %S supports authentication for the page you are viewing. The identity of this website has been verified by %S, a certificate authority you trust for this purpose.
> +ViewCertificate=View the security certificate that verifies this website's identity.
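Review bot: Identity_Verified takes two bare %S placeholders with no LOCALIZATION NOTE saying which one is the site and which is the certificate authority; numbering them %1$S and %2$S and documenting them, as this patch already does for EncryptionWithBits, would make the argument order explicit for localizers. The four keys in this hunk also mix naming styles (SiteNotVerified, WebSiteVerified, Identity_Verified), which is worth settling while the strings are being forked.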
Where are the above strings used?

> +NoEncryption=Connection Not Encrypted
> +Privacy_None1=The website %S does not support encryption for the page you are viewing.
> +Privacy_None2=Information sent over the Internet without encryption can be seen by other people while it is in transit. 
> +Privacy_None3=The page you are viewing is not encrypted.
> +# LOCALIZATION NOTE (pageInfo_StrongEncryptionWithBits): %1$S is the name of the encryption standard,
Wrong L10n note.

> +# %2$S is the key size of the cipher.
> +EncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys)
> +Privacy_Encryption1=The page you are viewing was encrypted before being transmitted over the Internet.
> +Privacy_Encryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
> +MixedContent=Connection Partially Encrypted
> +Privacy_Mixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.

> -.urlbar-security-level[level="high"],
> -.urlbar-security-level[level="low"] {
> +.urlbar-security-level[level="high"] {
>    background-color: InfoBackground;
>    color: InfoText;
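Review bot: with [level="low"] dropped from this selector, any element that still ends up with level="low" loses the InfoBackground/InfoText styling and falls back to the default appearance, so the patch should confirm that nothing sets that value any more. If another rule or another theme's stylesheet still keys on level="low", it should be removed in the same change so the themes stay in step.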

[ comment: (classic) InfoBackground on my system is rgb(255, 255, 225) which isn't very noticeable. ]

Other than the above nits, stuff works as expected.
Attachment #681657 - Flags: feedback?(philip.chee)
It occurred to me that I should rename the "new" strings to be in line with the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they now all have a "security" prefix, since they are used on the Security tab.
Attachment #681657 - Attachment is obsolete: true
Attachment #681657 - Flags: review?(iann_bugzilla)
Attachment #682277 - Flags: review?(iann_bugzilla)
Attachment #682277 - Flags: feedback?(philip.chee)
Comment on attachment 682277
Addressed review comments

> It occurred to me that I should rename the "new" strings to be in line with
> the rest of the strings, so instead of no prefix or a "Privacy_" prefix, they
> now all have a "security" prefix, since they are used on the Security tab.
Good idea.

f=me
Attachment #682277 - Flags: feedback?(philip.chee) → feedback+
Comment on attachment 682277
Addressed review comments

>+++ b/suite/locales/en-US/chrome/browser/pageInfo.properties

>+securityNoEncryption=Connection Not Encrypted
>+securityNone1=The website %S does not support encryption for the page you are viewing.
>+securityNone2=Information sent over the Internet without encryption can be seen by other people while it is in transit. 
>+securityNone3=The page you are viewing is not encrypted.
>+# LOCALIZATION NOTE (securityEncryptionWithBits): %1$S is the name of the encryption standard,
>+# %2$S is the key size of the cipher.
>+securityEncryptionWithBits=Connection Encrypted (%1$S, %2$S bit keys)
>+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet.
>+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
Would it be better to say "Internet" rather than "network" here for consistency?
>+securityMixedContent=Connection Partially Encrypted
>+securityMixed1=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.
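Review bot: the securityNone2 line ends with a trailing space after "in transit." and that should be dropped before landing, since it becomes part of the source string that localizers copy. In securityEncryption2, "very unlikely that anyone read this page" would also read better as "anyone has read this page".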

r=me with that addressed.
Attachment #682277 - Flags: review?(iann_bugzilla) → review+
(In reply to Ian Neal from comment #13)
> (From update of attachment 682277 [details] [diff] [review])
> >+securityEncryption1=The page you are viewing was encrypted before being transmitted over the Internet.
> >+securityEncryption2=Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.
> Would it be better to say "Internet" rather than "network" here for
> consistency?
At first I thought that it was repetitive but I notice that we repeat the term Internet for mixed content too, so it seems reasonable.
Pushed comm-central changeset 24ad7887d181.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED