Closed Bug 1512505 Opened 6 years ago Closed 6 years ago

Log a message when a site is only supporting TLS 1.0 or 1.1

Categories

(DevTools :: Console, enhancement, P5)

Tracking

(firefox68 fixed)

RESOLVED FIXED
Firefox 68

People

(Reporter: miketaylr, Assigned: carolina.jimenez.g, Mentored)

Attachments

(1 file)

Re: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/, as we get closer to disabling TLS 1.0 and 1.1, we should log a message to the console for sites that do not speak TLS 1.2, and link to https://wiki.mozilla.org/Security/Server_Side_TLS.
Feels like this should be in the security component. Feel free to redirect if that's not the case.
Component: Console → Security: PSM
Product: DevTools → Core
Feels more like a devtools thing. The information is already there - the front-end just needs to check the protocolVersion field of the security info on the channel.
Component: Security: PSM → General
Product: Core → DevTools
(In reply to Dana Keeler [:keeler] (she/her) (use needinfo) from comment #2)

> Feels more like a devtools thing. The information is already there - the front-end just needs to check the protocolVersion field of the security info on the channel.

In order for a warning message to show up in the console frontend, it needs to be added through nsContentUtils::ReportToConsole in the content process. An example of how this can work from the channel is the "Invalid HPKP Headers" message: https://searchfox.org/mozilla-central/search?q=Invalid+HPKP+Headers&path=.

- It gets reported to the console via nsHttpChannel::AddSecurityMessage (at https://searchfox.org/mozilla-central/rev/adec563403271e78d1a057259b3e17fe557dfd91/netwerk/protocol/http/nsHttpChannel.cpp#1844)
- And then gets wired up to the "Learn More" URL in the console (at https://searchfox.org/mozilla-central/rev/adec563403271e78d1a057259b3e17fe557dfd91/devtools/server/actors/errordocs.js#106)
Severity: normal → enhancement
Component: General → Console
Hi Chris, please take a look at this and see what it takes to support it.
Flags: needinfo?(ckerschb)
(In reply to undefined from comment #undefined)

> I don't know where in the code we would have to do the reporting for TLS errors.

@Dana: Given comment 3, can you please provide the entry points in the TLS code where we would have to do the reporting?
Flags: needinfo?(ckerschb) → needinfo?(dkeeler)
One way would be to do something like this in nsHttpChannel somewhere:

    nsCOMPtr<nsITransportSecurityInfo> transSecInfo =
        do_QueryInterface(mSecurityInfo);
    NS_ENSURE_TRUE(transSecInfo, NS_ERROR_FAILURE);
    // Protocol version negotiated for this channel's connection.
    uint16_t tlsVersion;
    rv = transSecInfo->GetProtocolVersion(&tlsVersion);
    NS_ENSURE_SUCCESS(rv, rv);
    // Anything other than TLS 1.2 or 1.3 gets the console message.
    if (tlsVersion != nsITransportSecurityInfo::TLS_VERSION_1_2 &&
        tlsVersion != nsITransportSecurityInfo::TLS_VERSION_1_3) {
      nsAutoString consoleErrorTag = NS_LITERAL_STRING("DeprecatedTLSVersion");
      nsAutoString consoleErrorCategory = NS_LITERAL_STRING("TLS");
      Unused << AddSecurityMessage(consoleErrorTag, consoleErrorCategory);
    }

Then the front-end would need to handle that tag/category, but I don't know the details of that.
Flags: needinfo?(dkeeler)
Priority: -- → P5
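The same version test can be run by a site operator against a captured handshake. The following is an added example, not Firefox code and not part of any comment in this bug: it reads the version a server selected from a ServerHello and returns a warning when it is not TLS 1.2 or 1.3, mirroring the condition in the comment above. It assumes the whole ServerHello sits in one unencrypted record; the function names are hypothetical and the sample records are constructed, not captured.

```python
import struct

# Wire values of the TLS protocol versions.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
MODERN = {0x0303, 0x0304}
EXT_SUPPORTED_VERSIONS = 43  # carries the real version in a TLS 1.3 ServerHello

def negotiated_version(record: bytes) -> int:
    """Return the version selected by a ServerHello held in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    end = 9 + int.from_bytes(record[6:9], "big")
    if end > len(record) or end < 9 + 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", record, 9)[0]   # legacy_version
    pos = 9 + 2 + 32                                   # skip version + random
    pos += 1 + record[pos] + 2 + 1   # session id, cipher suite, compression
    if pos > end:
        raise ValueError("truncated ServerHello")
    if pos + 2 > end:
        return version               # no extensions block (typical before 1.3)
    ext_end = min(end, pos + 2 + struct.unpack_from("!H", record, pos)[0])
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if pos + elen > ext_end:
            raise ValueError("extension overruns ServerHello")
        if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
            version = struct.unpack_from("!H", record, pos)[0]
        pos += elen
    return version

def deprecation_warning(host: str, record: bytes):
    """Return a console-style warning unless TLS 1.2 or 1.3 was negotiated."""
    version = negotiated_version(record)
    if version in MODERN:
        return None
    name = VERSIONS.get(version, f"0x{version:04x}")
    return f"DeprecatedTLSVersion: {host} negotiated {name}"

def sample_server_hello(legacy_version: int, selected=None) -> bytes:
    """Build constructed test data: a minimal ServerHello record."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00" + b"\x00\x2f\x00"
    if selected is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake
```

A TLS 1.3 server sends 0x0303 in the legacy version field, so a check that ignores the supported_versions extension would report TLS 1.2 for it.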

Alternatively to a Console warning, we can show a warning in the Network panel where the right audience would see it and get more details.

Given that the work has to happen in the security layer per :brings' comment, who would add the warning?

P5 is probably not the right priority.

ni? Wennie for Harald's question about who would work on this.

Flags: needinfo?(wleung)

Hi Thyla and Johann, please comment on this.

Flags: needinfo?(wleung)
Flags: needinfo?(tjvdmerwe)
Flags: needinfo?(jhofmann)

The only extra devtools front-end handling we'd need is adding some MDN page here, right? https://searchfox.org/mozilla-central/rev/3d469329a42644b41e66944d8da22d78d8c0f5ec/devtools/server/actors/errordocs.js#103-113

Apart from that this seems like a great bug for e.g. Dana to mentor, IMO. Comment 6 already shows most of what's necessary. Dana do you agree?

Flags: needinfo?(jhofmann) → needinfo?(dkeeler)
Flags: needinfo?(tvandermerwe)

I agree with Johann here -- some front-end work and then something that Dana has potentially already solved.

Flags: needinfo?(tvandermerwe)
Flags: needinfo?(tjvdmerwe)

(In reply to Johann Hofmann [:johannh] from comment #10)

> The only extra devtools front-end handling we'd need is adding some MDN page here, right? https://searchfox.org/mozilla-central/rev/3d469329a42644b41e66944d8da22d78d8c0f5ec/devtools/server/actors/errordocs.js#103-113
>
> Apart from that this seems like a great bug for e.g. Dana to mentor, IMO. Comment 6 already shows most of what's necessary. Dana do you agree?

Sure - I can mentor.

Flags: needinfo?(dkeeler)
Mentor: dkeeler

Carolina, would you be interested in this one?

Flags: needinfo?(carolina.jimenez.g)

(In reply to Johann Hofmann [:johannh] from comment #13)

> Carolina, would you be interested in this one?

Yes, thank you!

Flags: needinfo?(carolina.jimenez.g)
Assignee: nobody → carolina.jimenez.g

Dana, what is your IRC nickname? I would like to ask you something.

Flags: needinfo?(dkeeler)

It's "keeler". I'm not on IRC much but I can be during business hours UTC-7 if that's helpful. Feel free to also email.

Flags: needinfo?(dkeeler)
Keywords: checkin-needed

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/812b90269ab5
Log a message in web console when a site is only supporting TLS 1.0 or 1.1. r=keeler

Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
Blocks: 1535210
Depends on: 1634947