HSTS should stop us from doing TLS intolerance fallback, since the purpose of HSTS is to make TLS-related errors fatal.
Depends on: 887052
We may need to continue to allow TLS 1.2 -> TLS 1.1 -> TLS 1.0 fallback in response to connection resets in order to work around some intermediaries that reset TLS 1.2 and TLS 1.1 connections, based on my understanding of Google's findings. However, we should at least prevent the fallback to SSL 3.0 for HSTS sites. Adding dependency on bug 775370 since that will make it easier for us to get the HSTS state during the TLS connection. CC'ing keeler in case he wants to do this after bug 775370 is done.
Depends on: 775370
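A small model of the fallback policy proposed in the two comments above, as an added example that is not part of the bug thread or of Firefox's code. The type and function names are hypothetical, and the non-HSTS branch (retry on any failure, down to SSL 3.0) is an assumption about the behavior the comments want to restrict.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names for illustration; these are not Firefox/NSS identifiers.
enum class Version : uint8_t { SSL3 = 0, TLS1_0 = 1, TLS1_1 = 2, TLS1_2 = 3 };
enum class Failure { ConnectionReset, HandshakeAlert };

// Decide whether a failed attempt at `current` may be retried one version
// lower. Returns true and sets `next` when the retry is allowed.
bool NextFallback(Version current, Failure why, bool hsts, Version& next) {
  if (current == Version::SSL3) return false;  // nothing lower to try
  Version lower = static_cast<Version>(static_cast<uint8_t>(current) - 1);
  if (hsts) {
    // HSTS host: TLS errors are meant to be fatal, so only a connection
    // reset (the intermediary workaround) may trigger a retry...
    if (why != Failure::ConnectionReset) return false;
    // ...and the retry never reaches SSL 3.0.
    if (lower == Version::SSL3) return false;
  }
  // Assumed behavior for non-HSTS hosts: step down on any failure.
  next = lower;
  return true;
}

// Versions attempted, in order, when every attempt fails with `why`.
std::vector<Version> AttemptChain(Failure why, bool hsts) {
  std::vector<Version> tried{Version::TLS1_2};
  Version next = Version::TLS1_2;
  while (NextFallback(tried.back(), why, hsts, next)) tried.push_back(next);
  return tried;
}

int main() {
  // Number of versions tried per scenario.
  std::printf("HSTS, reset:      %zu attempts\n",
              AttemptChain(Failure::ConnectionReset, true).size());
  std::printf("HSTS, alert:      %zu attempts\n",
              AttemptChain(Failure::HandshakeAlert, true).size());
  std::printf("non-HSTS, reset:  %zu attempts\n",
              AttemptChain(Failure::ConnectionReset, false).size());
  return 0;
}
```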
Duplicate of bug 643894?
Given Bug 643894 is specifically about disabling TLS -> SSL fallback (and not inter-TLS), I marked this as a dependency. But feel free to dupe.
Depends on: 643894
Duplicate of this bug: 643894
Not necessary after bug 1084025 is fixed.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Depends on: 1084025
Resolution: --- → INCOMPLETE