The NSS update from bug 1137470 increased NSS's default maximum supported version of TLS from 1.0 to 1.2, which caused http://mxr.mozilla.org/mozilla-central/source/browser/devtools/netmonitor/test/browser_net_security-details.js#40 to fail because it expects exactly a TLSv1 connection without having done anything to ensure it gets one. I'll land a change to increase that to expecting exactly a TLSv1.2 connection once I have the number from this bug to use in a commit message, but the test really needs to do something else, either ensure that it will get a particular version or not test that it has gotten a particular version.

We'll also need this on Aurora, because 3.18 RTM will have to land there.

You can land test-only changes on aurora with a=test-only, no need to worry about that.

Here's a patch that makes the test work with different TLS protocol versions and cipher suites. It changes the test not to assume any specific values but to check if the values look valid i.e. the protocol version starts with "TLS" and the cipher suite starts with "TLS_". This should be quite a bit more future proof. Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7eb480adbb12

Comment on attachment 8574317 [details] [diff] [review] netmonitor-security-test-fix.patch Review of attachment 8574317 [details] [diff] [review]: ----------------------------------------------------------------- LGTM

https://hg.mozilla.org/releases/mozilla-aurora/rev/1adf44fcb513 (This is the combination of Phil's first patch, and the later patch on top.)