Closed Bug 84218 Opened 25 years ago Closed 24 years ago

Edit Cipher button and SSL CipherSuite window not lockable

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.1

People

(Reporter: rvelasco, Assigned: ddrinan0264)

Details

Attachments

(2 files)

patch
5.83 KB, patch
Details | Diff | Splinter Review
CFG to lock down SSL2 and SSL3 cipher suite
1.69 KB, application/octet-stream
Details
In the General Preference window under the Privacy and Security Category -> SSL, the Edit Cipher button and Edit Cipher Window Elements are not lockable. According to eclient spec, all preferences in general pref area should be lockable. There is no way to lock down SSL2 and SSL3 Ciphersuites on the browser. This is a requirement for eclient. eddyk already aware of this issue.
my component, I'll QA this...adding sarah to Cc.
QA Contact: sairuh → rvelasco
Info regarding pref locking can be found on this newsgroup posting news://news.mozilla.org/3AC8F5D2.6CA02623%40netscape.com
SSL prefs are handled by PSM. Changing product to PSM.
Component: Preferences → Client Library
Product: Browser → PSM
Target Milestone: --- → 2.0
Version: other → 2.0
-> 2.0, P3 We're over the limit for bugs for PSM 2.0, so this might slip past PSM 2.0 into PSM 2.1.
Priority: -- → P2
can I reassign this bug to you (bob lord) or someone in your group? eddy's pretty bogged down with a bunch of pref locking bugs.
-> ssaux to re-assign
Assignee: eddyk → ssaux
-> ddrinan -> p3 to not add to RTM list.
Assignee: ssaux → ddrinan
Priority: P2 → P3
adding nsenterprise keyword
Keywords: nsenterprise
Mass reassigning target to 2.1
Target Milestone: 2.0 → 2.1
I'd like to bump up the priority of this bug since the enterprise client will need this. p3 -> p2
Priority: P3 → P2
Attached patch patchSplinter Review
adding patch and review keywords. Rodney, can you review as well.
Keywords: patch, review
Comment on the checkbox changes in pref-ciphers.xul: The addition of the preftype and prefattribute are not necessary since pref-ciphers.xul does its own handling of the elements (functions onLoad() and doOK()). Those are necessary when nsPrefWindow (in xpfe/components/prefwindow/resources/content/nsPrefWindow.js) is being used to handle the window, but this dialog box does not. It doesn't hurt to have these additional attributes; it's just not necessary. The change in pref-ssl.xul is necessary, and looks correct.
Note that this bug should probably be closed due to the checking for bug 91978
marking as resolved fix per eddyk's last comment.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
I don't think that disabling the ability to open the pref-ciphers.xul window is equivalent to locking the preferences for individual ciphers. It could be that somebody may want to let the user choose to turn ssl2 on and off but not TLS To do that, the fix to bug 91978 doesn't help, and we need this fix. Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Sorry, there was probably too much clutter in one bug (91978) There is indeed code to disable individual checkboxes in the pref-cipher.xul dialog box. From the diff: Index: pref-ciphers.xul =================================================================== RCS file: /cvsroot/mozilla/security/manager/pki/resources/content/pref-ciphers.xul,v retrieving revision 1.2 diff -u -r1.2 pref-ciphers.xul --- pref-ciphers.xul 2001/07/09 19:03:17 1.2 +++ pref-ciphers.xul 2001/07/24 05:21:49 @@ -55,6 +55,10 @@ } catch(e) { /* Put debug output here */ } element.setAttribute("checked", prefValue); + // disable xul element if the pref is locked. + if (prefs.PrefIsLocked(prefString)) { + element.disabled=true; + } } } So as long as the prefstring attribute in pref-ciphers.xul is correct, and the pref backend lets us know via PrefIsLocked, we'll disable that element. If I misunderstood the issue, or am wrong on this, please reopen. Thanks
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
My mistake indeed. Thanks for the clarification.
Status: RESOLVED → VERIFIED
Huh? Last I checked Stephane you were engineering, not QA ;-) Reopening and marking RESOLVED so QA can verify.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
marking resolved again
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
button for preference lockPref("security.disable_button.editSSLCiphers", true) is now lockable with current trunk builds. Tested on 2001080804 Win2K 2001081308 Linux 2001081308 Mac SSL Edit Ciphersuites are now lockable as well using the follwing lockPref functions... lockPref("security.ssl2.rc4_128", true); lockPref("security.ssl2.des_64", true); lockPref("security.ssl2.des_ede3_192", true); lockPref("security.ssl2.rc2_128", true); lockPref("security.ssl2.rc2_40", true); lockPref("security.ssl2.rc4_40", true); lockPref("security.ssl3.rsa_rc4_128_md5", true); lockPref("security.ssl3.rsa_fips_des_ede3_sha", true); lockPref("security.ssl3.rsa_des_ede3_sha", true); lockPref("security.ssl3.rsa_fips_des_sha", true); lockPref("security.ssl3.rsa_des_sha", true); lockPref("security.ssl3.rsa_1024_rc4_56_sha", true); lockPref("security.ssl3.rsa_1024_des_cbc_sha", true); lockPref("security.ssl3.rsa_rc4_40_md5", true); lockPref("security.ssl3.rsa_rc2_40_md5", true); lockPref("security.ssl3.rsa_null_md5", false); Marking Verified
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: