Commit Graph

39 Commits

Author SHA1 Message Date
trav90 ba241f0825 Update HSTS preload list
Tag #447
2018-06-21 05:29:04 -05:00
wolfbeast 7d3b69729b Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
2018-06-20 19:14:58 +02:00
JustOff f83f62e1bf Update NSS to 3.36.4-RTM 2018-06-11 16:42:50 +03:00
JustOff b1ddd8a8af [PALEMOON] Add missed strings required by page info 2018-06-08 19:10:23 +03:00
Moonchild 306f3865cc Merge pull request #461 from trav90/HSTS
Improve HSTS preload list generation
2018-06-07 15:03:27 +02:00
trav90 b789cbe5c1 Regenerate the HSTS preload list 2018-06-07 07:21:38 -05:00
trav90 cef7fcb377 Restore clearly-delimited format for the HSTS preload list 2018-06-06 08:30:34 -05:00
JustOff 6603359347 Request NSS to use DBM as the storage file format 2018-06-06 15:24:07 +02:00
wolfbeast 6f84242a35 Revert "Restore NSS default storage file format to DBM when no prefix is given."
This reverts commit b2c78bbf83.
2018-06-06 15:23:14 +02:00
trav90 3b7938d7a1 Increase concurrent lookups to 15 when generating HSTS preload list 2018-06-05 22:25:18 -05:00
trav90 a32e0cb8c7 Update HSTS preload list generation script
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.

The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
2018-06-05 22:23:30 -05:00
wolfbeast b2c78bbf83 Restore NSS default storage file format to DBM when no prefix is given. 2018-06-05 22:38:40 +02:00
wolfbeast e10349ab8d Update NSS to 3.35-RTM 2018-06-05 22:24:08 +02:00
Gaming4JC bd85173562 Remove support and tests for HSTS priming from the tree. Fixes #384 2018-05-26 15:42:45 -04:00
wolfbeast 6571d2ceb4 Remove MOZ_WIDGET_GONK [1/2]
Tag #288
2018-05-12 16:19:58 +02:00
wolfbeast 43f7a588f9 Nuke the sandbox 2018-05-03 05:55:15 +02:00
wolfbeast 4613b91eca Remove sandbox ductwork conditional code. 2018-05-03 01:24:31 +02:00
wolfbeast e1490c07e2 Remove GMP sandbox code. 2018-05-02 23:30:36 +02:00
wolfbeast 755e102078 Remove content process sandbox code. 2018-05-02 21:58:04 +02:00
janekptacijarabaci 3442ae7718 Fix unsafe "instanceof" negations
https://github.com/MoonchildProductions/Pale-Moon/pull/1173
2018-05-02 06:57:57 +02:00
Matt A. Tobin 69ac2db129 Partially revert 1ef526f0f - sftkpwd.c
#82 #265
2018-04-26 19:23:01 -04:00
wolfbeast fba28f1975 Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56f.
2018-04-25 21:33:33 +02:00
janekptacijarabaci c3ec00a152 moebius#119: (Windows) Security - Certificate Stores - NSSCertDBTrustDomain allows end-entities to be their own trust anchors
https://github.com/MoonchildProductions/moebius/pull/119
2018-04-23 09:10:12 +02:00
wolfbeast 1ef526f0f0 Strengthen the use of the Master Password.
- Use 30k iterations instead of 1.
- Enforce minimum password length of 8 characters.
- Adjust strength meter accordingly.

This resolves #82.
2018-04-18 14:05:21 +02:00
janekptacijarabaci 374231de93 moebius#126: [very minor fix] Fix typo in a comment in NSSCertDBTrustDomain.cpp
https://github.com/MoonchildProductions/moebius/pull/126
2018-04-13 20:53:27 +02:00
wolfbeast 4e368f8199 Remove base conditional code for crash reporter and injector. 2018-03-30 08:50:58 +02:00
trav90 daab331cf5 Disable -Wimplicit-fallthrough for a chromium file
GCC 7 supports the clang option -Wimplicit-fallthrough.
2018-03-04 15:26:51 -06:00
wolfbeast 2998d0f5e2 Fix build system translation errors.
Follow-up to 11a8a39f6d
2018-03-04 10:13:33 +01:00
Moonchild e272829137 Merge pull request #34 from janekptacijarabaci/devtools_import-from-moebius_1
Port across devtools enhancements
2018-03-02 10:32:45 +01:00
Matt A. Tobin 11a8a39f6d Use MOZ_FENNEC and MOZ_XULRUNNER instead of checking MOZ_BUILD_APP in most places 2018-03-01 14:26:41 -05:00
janekptacijarabaci 228d252ab1 DevTools - network - security (improvements)
https://github.com/MoonchildProductions/moebius/pull/113
https://github.com/MoonchildProductions/moebius/pull/118
https://github.com/MoonchildProductions/moebius/pull/127
2018-03-01 09:02:37 +01:00
wolfbeast f1a0f0a56f Update NSS to 3.35-RTM 2018-02-23 11:04:39 +01:00
wolfbeast f017b749ea Update NSS to 3.32.1-RTM 2018-02-06 11:46:26 +01:00
wolfbeast d98565a287 Disable 3DES cipher by default + re-order a few things.
Issue #4 point 4
2018-02-02 19:06:52 +01:00
wolfbeast acaf15453c Add RSA-AES + SHA256/384 suites for web compatibility.
Sites with these ciphers (commonly IIS) would otherwise fall back to weak 3DES that will be disabled by default.

Issue #4 points 2 and 3
2018-02-02 19:05:37 +01:00
wolfbeast 3b70762534 Add Camellia to the active cipher suites.
Issue #4 point 1.

Camellia is a strong, modern, safe cipher with no known weaknesses or reduced strength attacks.
The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.
2018-02-02 19:04:33 +01:00
Matt A. Tobin c0c702a5e3 Use UTC where appropriate in python files 2018-02-02 12:00:37 -05:00
Matt A. Tobin 9627f18ceb Remove kinto client, Firefox kinto storage adapter, blocklist update client and integration with sync, OneCRL and the custom time check for derives system time. 2018-02-02 09:21:33 -05:00
Matt A. Tobin 5f8de423f1 Add m-esr52 at 52.6.0 2018-02-02 04:16:08 -05:00