Closed Bug 1593635 Opened 5 years ago Closed 4 years ago

Expose TLS min/max versions in browser-settings

Categories

(WebExtensions :: General, enhancement, P2)

Tracking

(firefox72 fixed)

RESOLVED FIXED
mozilla72

People

(Reporter: baku, Assigned: baku)

Details

(Keywords: dev-doc-complete)

Attachments

(1 file)

This is a requested feature for secure-proxy.

fyi

Flags: needinfo?(philipp)
Priority: -- → P2
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bcbb45f7d4f1
Expose TLS min/max versions as browser-settings properties, r=mixedpuppy
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Regressions: 1599756

(In reply to Andrea Marchesini [:baku] from comment #0)

> This is a requested feature for secure-proxy.

This is very low on details for this request. Can you please provide more info here? Why would secure proxy need to change this, and why then does this need to be a privileged-only setting?

ni?baku for a response...

I requested privileged because this can limit the level of TLS support, and I'm not certain I want extensions to be able to do that, certainly not without a deeper examination of the issues around that, and especially without having a good way to explain the potential impact to most end users. It's easier to make this generally available than to take it away later.

Flags: needinfo?(amarchesini)

> This is very low on details for this request. Can you please provide more info here? Why would secure proxy need to change this, and why then does this need to be a privileged-only setting?

Secure-Proxy requires TLS 1.3. We want to be sure that, when the proxy is on, the TLS max version is set to 1.3.
I don't think it's a good idea to give the ability to change TLS versions to any extension. Reducing the TLS version can have a strong security impact.

Flags: needinfo?(amarchesini)

Hello Andrea,

Could you please provide more details or some test scenarios for QA to be able to verify this enhancement?
Should we make use of this extension in order to test: https://github.com/mozilla/secure-proxy ?
I am assuming that it requires manual QA, but if it does not then please set the "qe-verify" tag. Thank you!

Flags: needinfo?(amarchesini)

No need for QA for this bug. We have enough mochitests.

Flags: needinfo?(amarchesini) → qe-verify-
Blocks: 1607371
Flags: needinfo?(philipp)

docnote: network.tlsVersionRestriction can be read, but requires privileged signature to write, otherwise an exception is thrown.

MDN updates available for review: content and BCD.
