Before this change, if a certificate's issuer DN did not have an organization component,
nsIX509Cert.issuerOrganization would fall back to using the issuer common name.
This was never a good idea, because this gave misleading information to consumers of
this interface. Furthermore, it appears that all consumers of this interface already do such
a fallback (for display purposes) when they've determined that it's a reasonable thing to do.
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.
The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
JavaScript strict warning: resource://gre/components/nsINIProcessor.js,
line 147:
etc.
SyntaxError: octal literals and octal escape sequences are deprecated
https://bugzilla.mozilla.org/show_bug.cgi?id=1248252
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
Only the 256-bit ones are enabled by default.
This should take care of injection of non-network URIs that aren't same origin (e.g. extension-sourced data: URIs) triggering mixed-mode warnings.
Assumption here is that data: URIs are safe if "local"; this is a security trade-off that should be acceptable.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
Pale Moon
janekptacijarabaci
trav90
trav90
NTD
wolfbeast