Commit Graph

22 Commits

Author SHA1 Message Date
trav90 ba241f0825 Update HSTS preload list
Tag #447
2018-06-21 05:29:04 -05:00
wolfbeast 7d3b69729b Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
2018-06-20 19:14:58 +02:00
JustOff b1ddd8a8af [PALEMOON] Add missed strings required by page info 2018-06-08 19:10:23 +03:00
Moonchild 306f3865cc Merge pull request #461 from trav90/HSTS
Improve HSTS preload list generation
2018-06-07 15:03:27 +02:00
trav90 b789cbe5c1 Regenerate the HSTS preload list 2018-06-07 07:21:38 -05:00
trav90 cef7fcb377 Restore clearly-delimited format for the HSTS preload list 2018-06-06 08:30:34 -05:00
JustOff 6603359347 Request NSS to use DBM as the storage file format 2018-06-06 15:24:07 +02:00
trav90 3b7938d7a1 Increase concurrent lookups to 15 when generating HSTS preload list 2018-06-05 22:25:18 -05:00
trav90 a32e0cb8c7 Update HSTS preload list generation script
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.

The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
2018-06-05 22:23:30 -05:00
Gaming4JC bd85173562 Remove support and tests for HSTS priming from the tree. Fixes #384 2018-05-26 15:42:45 -04:00
wolfbeast 6571d2ceb4 Remove MOZ_WIDGET_GONK [1/2]
Tag #288
2018-05-12 16:19:58 +02:00
janekptacijarabaci 3442ae7718 Fix unsafe "instanceof" negations
https://github.com/MoonchildProductions/Pale-Moon/pull/1173
2018-05-02 06:57:57 +02:00
janekptacijarabaci c3ec00a152 moebius#119: (Windows) Security - Certificate Stores - NSSCertDBTrustDomain allows end-entities to be their own trust anchors
https://github.com/MoonchildProductions/moebius/pull/119
2018-04-23 09:10:12 +02:00
wolfbeast 2998d0f5e2 Fix build system translation errors.
Follow-up to 11a8a39f6d
2018-03-04 10:13:33 +01:00
Moonchild e272829137 Merge pull request #34 from janekptacijarabaci/devtools_import-from-moebius_1
Port across devtools enhancements
2018-03-02 10:32:45 +01:00
Matt A. Tobin 11a8a39f6d Use MOZ_FENNEC and MOZ_XULRUNNER instead of checking MOZ_BUILD_APP in most places 2018-03-01 14:26:41 -05:00
janekptacijarabaci 228d252ab1 DevTools - network - security (improvements)
https://github.com/MoonchildProductions/moebius/pull/113
https://github.com/MoonchildProductions/moebius/pull/118
https://github.com/MoonchildProductions/moebius/pull/127
2018-03-01 09:02:37 +01:00
wolfbeast d98565a287 Disable 3DES cipher by default + re-order a few things.
Issue #4 point 4
2018-02-02 19:06:52 +01:00
wolfbeast acaf15453c Add RSA-AES + SHA256/384 suites for web compatibility.
Sites with these ciphers (commonly IIS) would otherwise fall back to weak 3DES that will be disabled by default.

Issue #4 points 2 and 3
2018-02-02 19:05:37 +01:00
wolfbeast 3b70762534 Add Camellia to the active cipher suites.
Issue #4 point 1.

Camellia is a strong, modern, safe cipher with no known weaknesses or reduced strength attacks.
The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.
2018-02-02 19:04:33 +01:00
Matt A. Tobin 9627f18ceb Remove kinto client, Firefox kinto storage adapter, blocklist update client and integration with sync, OneCRL and the custom time check for derives system time. 2018-02-02 09:21:33 -05:00
Matt A. Tobin 5f8de423f1 Add m-esr52 at 52.6.0 2018-02-02 04:16:08 -05:00