Closed
Bug 1092836
Opened 10 years ago
Closed 6 years ago
Warn about TLS 1.0 usage
Categories
(DevTools :: Console, defect)
DevTools
Console
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: annevk, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 2 obsolete files)
(deleted),
patch
|
Details | Diff | Splinter Review |
Given how much of a mess it is to remove SSLv3, we should start early with TLSv10.
Comment 1•10 years ago
|
||
This needs to be aligned with our existing server guidance, which recommends TLSv1.0 support in the Intermediate configuration.
https://wiki.mozilla.org/Security/Server_Side_TLS
Comment 2•10 years ago
|
||
TLSv1.0 support =/= TLSv1.0 negotiation.
I'd think it's still reasonable for the server guidance to recommend support of TLSv1.0 in the intermediate configuration, but each of those guideline also recommends support for higher protocol versions which will be negotiated using a modern browser and therefore not trigger a warning.
I'm not even sure we can detect a server supporting TLSv1.0 while connecting using TLSv1.2 (at least that's what I read...)
Updated•10 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
Summary: Warn about TLSv10 usage → Warn about TLS 1.0 usage
Comment 3•10 years ago
|
||
This is pretty much the same as bug 1092835, I just reused the same code after it got removed for SSL3 in bug 1106470 and updated it for TLS 1.0. No tests included, because I don't know how to add a TLS 1.0 host to mochitest. Also, feel free to grab this as I'm not sure when I'll get time to add the tests.
Updated•10 years ago
|
Attachment #8576294 -
Attachment is obsolete: true
Comment 4•10 years ago
|
||
Fixed patch format.
Updated•10 years ago
|
Attachment #8576298 -
Attachment is obsolete: true
Comment 5•10 years ago
|
||
Comment 6•10 years ago
|
||
I don't think it is a viable approach to spam Web Console in half of the Internet. It will be rapidly ignored and more important warnings (e.g. use of RC4) will be buried in the spam.
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
Google has recently announced to deprecate TLS 1.0/1.1 in Chromium.
Could we please reopen this? Or is this tracked somewhere else?
Flags: needinfo?(nchevobbe)
Comment 8•6 years ago
|
||
(In reply to sjw from comment #7)
Google has recently announced to deprecate TLS 1.0/1.1 in Chromium.
Could we please reopen this? Or is this tracked somewhere else?
I think Bug 1512505 covers this.
Flags: needinfo?(nchevobbe)
You need to log in
before you can comment on or make changes to this bug.
Description
•