Commit Graph

75 Commits

Author SHA1 Message Date
wolfbeast c7138e3b92 Update HSTS preload list
Tag #447
2019-05-28 08:32:43 +00:00
Matt A. Tobin 325b204d26 Issue #1053 - Drop support Android and remove Fennec - Part 1b: Remove MOZ_FENNEC 2019-04-23 15:56:35 -04:00
adeshkp b10712de87 Remove SecurityUI telemetry. 2019-04-21 13:02:52 -04:00
adeshkp 52be954e59 Fix order of member variables in a couple of initializer lists 2019-03-14 09:52:03 -04:00
trav90 a31b9e067c Update HSTS preload list
Tag #447
2019-01-31 08:50:29 -06:00
Ascrod a74b093471 Fix check for HSTS when service is disabled. 2019-01-17 18:18:49 -05:00
Ascrod 3afb818f20 Add preference for fully disabling HSTS. 2019-01-16 19:33:09 -05:00
adeshkp acf1406e0e Remove a pointless switch after telemetry cleanup 2019-01-14 09:32:12 -05:00
adeshkp 5335681cd2 Telemetry: Remove stubs and related code 2019-01-12 06:20:31 -05:00
trav90 483267ba97 Update HSTS preload list
Tag #447
2019-01-02 16:41:46 -06:00
trav90 f0fe6b69db Update HSTS preload list
Tag #447
2018-12-15 17:51:30 -06:00
wolfbeast 74cabf7948 Update NSS to 3.41 2018-12-15 01:42:53 +01:00
trav90 3eef7ab260 Update HSTS preload list
Tag #447
2018-11-27 07:32:12 -06:00
wolfbeast d5a1b34c05 Remove AccumulateCipherSuite()
This resolves #858
2018-11-08 11:32:49 +01:00
wolfbeast f42d6c39fe Remove ancient workaround in client certificate code
Apparently a prehistoric server implementation would send a certificate_authorities field
that didn't include the outer DER SEQUENCE tag, so PSM attempted to detect this and
work around it.
This prehistoric server implementation isn't in use anywhere anymore, so this 18-yo
server bug workaround can be removed.
2018-11-02 11:39:21 +01:00
wolfbeast 52b989d535 Make sure nsNSSCertList handling checks for valid certs. 2018-11-02 02:08:44 +01:00
trav90 76825544ff Update HSTS preload list
Tag #447
2018-10-27 07:32:12 -05:00
trav90 b927e0d5ca Update HSTS preload list
Tag #447
2018-10-12 21:07:35 -05:00
wolfbeast 95379e3377 Ensure we got an nsISSLStatus when deserializing in TransportSecurityInfo. 2018-10-04 22:24:52 +02:00
trav90 778b3c4d7e Update HSTS preload list
Tag #447
2018-09-29 08:37:22 -05:00
wolfbeast 347aea437f Get rid of the incorrect mechanism to remove insecure fallback hosts.
This fixes #797.
2018-09-29 10:09:13 +02:00
trav90 2f64d5eeec Update HSTS preload list
Tag #447
2018-09-11 17:30:37 -05:00
wolfbeast ab961aeb54 Remove all C++ Telemetry Accumulation calls.
This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables).
Stub resolution/removal should be a follow-up to this.
2018-09-03 10:11:38 +02:00
wolfbeast 1425f020c4 Remove support for TLS session caches in TLSServerSocket.
This resolves #738
2018-09-01 23:45:10 +02:00
trav90 cc0e6c7ece Update HSTS preload list
Tag #447
2018-08-27 05:43:33 -05:00
wolfbeast bfc5b53cf9 Fix missed in32->int64 in df85212009
Tag #709.
2018-08-17 19:23:37 +02:00
wolfbeast 26debee733 Reinstate RC4 and mark 3DES weak.
Tag #709
2018-08-17 06:39:04 +02:00
wolfbeast df85212009 Extend {EnabledWeakCiphers} bit field to allow more cipher suites.
Tag #709.
2018-08-17 06:33:23 +02:00
wolfbeast ab10600379 Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
2018-08-14 16:42:52 +02:00
trav90 e79f2ee694 Update HSTS preload list
Tag #447
2018-08-01 05:42:29 -05:00
yami bdcae58fa6 replace "certErrorCodePrefix2" with "certErrorCodePrefix" 2018-07-22 15:29:06 +02:00
wolfbeast c534a0ca24 Remove incorrect debug assertion.
solves #631, solves #664
2018-07-22 08:24:16 +02:00
trav90 4d358ef73c Update HSTS preload list
Tag #447
2018-07-17 05:53:04 -05:00
wolfbeast 4c9914227e Merge branch 'ported-upstream' 2018-07-02 17:51:09 +02:00
wolfbeast aa6329b694 Don't leak newTemplate in pk11_copyAttributes()
Cherry-pick of NSS fix from 3.37
2018-07-01 16:31:31 +02:00
wolfbeast 535e9399e6 Remove SSL Error Reporting telemetry 2018-06-29 17:40:01 +02:00
trav90 ba241f0825 Update HSTS preload list
Tag #447
2018-06-21 05:29:04 -05:00
wolfbeast 7d3b69729b Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
2018-06-20 19:14:58 +02:00
JustOff f83f62e1bf Update NSS to 3.36.4-RTM 2018-06-11 16:42:50 +03:00
JustOff b1ddd8a8af [PALEMOON] Add missed strings required by page info 2018-06-08 19:10:23 +03:00
Moonchild 306f3865cc Merge pull request #461 from trav90/HSTS
Improve HSTS preload list generation
2018-06-07 15:03:27 +02:00
trav90 b789cbe5c1 Regenerate the HSTS preload list 2018-06-07 07:21:38 -05:00
trav90 cef7fcb377 Restore clearly-delimited format for the HSTS preload list 2018-06-06 08:30:34 -05:00
JustOff 6603359347 Request NSS to use DBM as the storage file format 2018-06-06 15:24:07 +02:00
wolfbeast 6f84242a35 Revert "Restore NSS default storage file format to DBM when no prefix is given."
This reverts commit b2c78bbf83.
2018-06-06 15:23:14 +02:00
trav90 3b7938d7a1 Increase concurrent lookups to 15 when generating HSTS preload list 2018-06-05 22:25:18 -05:00
trav90 a32e0cb8c7 Update HSTS preload list generation script
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.

The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
2018-06-05 22:23:30 -05:00
wolfbeast b2c78bbf83 Restore NSS default storage file format to DBM when no prefix is given. 2018-06-05 22:38:40 +02:00
wolfbeast e10349ab8d Update NSS to 3.35-RTM 2018-06-05 22:24:08 +02:00
Gaming4JC bd85173562 Remove support and tests for HSTS priming from the tree. Fixes #384 2018-05-26 15:42:45 -04:00