e494ef04df
Re-generate HSTS preload list without stale entries.
...
Tag #62 .
2018-07-25 09:20:17 +08:00
bd5178f34a
gre/components/nsINIProcessor.js (etc.)
...
JavaScript strict warning: resource://gre/components/nsINIProcessor.js,
line 147:
etc.
SyntaxError: octal literals and octal escape sequences are deprecated
https://bugzilla.mozilla.org/show_bug.cgi?id=1248252
2018-07-25 09:19:00 +08:00
5099d811c6
Update NSS to 3.32.1-RTM
2018-07-25 09:17:32 +08:00
d9de979f3b
Update HSTS preload list
...
Tag #62 .
2018-07-25 09:10:49 +08:00
2a0fefaccb
Update HSTS preload list
...
Tag #62 .
2018-07-25 09:03:15 +08:00
d8017389fe
Update HSTS preload list
...
Tag #62 .
2018-07-25 08:09:47 +08:00
9587f60886
Update NSS to 3.31.1 RTM
2018-07-25 08:07:46 +08:00
e7b92b5c61
Update HSTS preload list
...
Tag #62 .
2018-07-25 07:57:22 +08:00
b78ff1e752
Update HSTS preload list
...
Tag #62 .
2018-07-25 07:36:59 +08:00
7c12c17952
Update NSS to 3.28.5.1-PM
...
This resolves #1134 .
2018-07-25 07:33:31 +08:00
c60bd2e25e
HSTS preload list update.
...
Also increases the concurrent lookups to 15.
Tag #62 .
2018-07-25 07:17:35 +08:00
c924243e71
Fix -Wreorder GCC warning
2018-07-25 07:16:40 +08:00
c28d046daf
Security - Unsafe negotiation warning with TLS 1.3
2018-07-25 07:15:50 +08:00
ef825bd0c8
Security - added support for TLS 1.3 (the next part)
2018-07-25 07:11:32 +08:00
b8198c3a89
Security - added support for TLS 1.3
2018-07-25 07:11:26 +08:00
dce17a6724
Remove preloading of domain PKPins Part 2
...
- Remove security.cert_pinning.process_headers_from_non_builtin_roots
Tag #925
2018-07-25 07:11:08 +08:00
972b14bd7b
Remove preloading of domain PKPins Part 1
...
- Remove static lists
- Remove tools to generate static lists
- Remove no longer used structs
Tag #925
2018-07-25 07:11:06 +08:00
d39cf1f468
Upgrade NSS to 3.28.4-RTM
2018-07-25 07:05:57 +08:00
a3187e5712
Update HSTS preload list
...
Tag #62 .
2018-07-25 07:05:27 +08:00
f543949da5
Remove duplicate callback case statements.
2018-07-25 06:59:05 +08:00
c9ad97a8f5
Add support for RSA+AES+SHA256/384 suites for web compatibility.
...
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
Only the 256-bit ones are enabled by default.
2018-07-25 06:58:58 +08:00
c9c81ca7c3
Restore missing RSA+Camellia suites.
2018-07-25 06:58:56 +08:00
b3a189d2de
Follow up to 7bd7e8a - *aState needs both STATE_IS_SECURE and STATE_SECURE_HIGH on re-eval of mixed content
2018-07-25 06:52:56 +08:00
3ca7947b8a
Reset mixed-mode page status to secure if no actual load has occurred through the mixed content blocker.
...
This should take care of injection of non-network URIs that aren't same origin (e.g. extension-sourced data: URIs) triggering mixed-mode warnings.
Assumption here is that data: URIs are safe if "local"; this is a security trade-off that should be acceptable.
2018-07-25 06:52:49 +08:00
3398a810ae
Update HSTS preload list.
...
Tag #62 .
2018-07-25 06:51:16 +08:00
f73e220d0b
Remove obsolete patches
2018-07-25 06:51:01 +08:00
e4f0d12b2c
Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20.
2018-07-25 06:50:59 +08:00
348757ed67
Extend {EnabledWeakCiphers} bit field to allow more cipher suites.
2018-07-25 06:50:53 +08:00
36fc143339
Add AES256-GCM suites to secmanager.
...
Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.
2018-07-25 06:50:51 +08:00
8df1603dfd
Enable ChaCha20-Poly1305 suites.
2018-07-25 06:50:49 +08:00
5546cc421e
Temporarily disable Camellia-GCM suites in secmanager.
2018-07-25 06:50:45 +08:00
0ea55177dc
Update NSS symbols
2018-07-25 06:50:43 +08:00
b9ad123d0b
Misc file updates (non-code)
2018-07-25 06:50:39 +08:00
b2b68e070d
Base import of NSS-3.28.3-RTM
2018-07-25 06:50:13 +08:00
1c97ea532c
Update NSS to 3.19.5.1-PM
2018-07-25 06:47:30 +08:00
572a49f9b6
Provide better file name suggestions when exporting certs.
2018-07-25 06:43:51 +08:00
17da3b2364
Update HSTS Preload list
2018-07-25 06:42:57 +08:00
9739829d2d
Don't write HSTS site state to file if HSTS has been user-disabled.
...
This also adds a missing pref observer.
Follow-up to 9bc65e235b62c4e84c69f301bd89de29769f4abf.
2018-07-25 06:36:48 +08:00
8bd908fa4b
Reinstate network.stricttransportsecurity.enabled HSTS switch.
...
Defaults to enabled (HSTS on) but can be flipped to disable the use of the HSTS mechanism, trading security for privacy.
This resolves #830 .
2018-07-25 06:36:25 +08:00
e035fc775e
Update HSTS preload list
2018-07-25 06:22:07 +08:00
1ab1dc37b6
Update HSTS preload list
2018-07-25 01:30:01 +08:00
e3a0bb8614
Update in-tree NSS to 3.19.5-PM
2018-07-25 01:29:31 +08:00
4b96ad2190
HSTS preload list update.
...
Tag #62 .
2018-07-25 01:18:04 +08:00
b142256756
Update list of known CA root hashes
2018-07-25 01:05:11 +08:00
131363dc30
Fix SSL status ambiguity.
...
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
2018-07-25 00:55:11 +08:00
d07f653690
Remove FF references in getHSTSPreloadList.js
2018-07-24 23:39:50 +08:00
afa5e10326
Update HSTS Preload List
2018-07-24 23:39:44 +08:00
9cf238a980
Disable unnecessary debug crash breakpoint for not finding a cert.
2018-07-24 23:38:47 +08:00
611db28b83
Avoid a potential data race condition in sha_fast.c:SHA1_End.
2018-07-24 23:31:21 +08:00
903fddcff7
Remove conditional crashreporter code
2018-07-24 23:13:57 +08:00
Pale Moon
janekptacijarabaci
trav90
trav90
NTD
wolfbeast