Closed Bug 643894 Opened 14 years ago Closed 10 years ago

Insecure TLS version rollback is not disabled for HSTS sites

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 901695

People

(Reporter: briansmith, Unassigned)

References

Details

When HSTS is enabled for a site, we should not do the insecure fallback from TLS 1.x to SSL 3.x/2.x in nsSSLThread::checkHandshake.
Blocks: 901695
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.