Bug 1106470 - Drop SSLv3 support from devtools. r=vporof

Masatoshi Kimura 2015-03-10 01:23:00 +09:00
parent 328ca1d0ed
commit 93d4207bae
8 changed files with 6 additions and 62 deletions


@ -2793,14 +2793,11 @@ NetworkDetailsView.prototype = {
// Warning icons
let cipher = $("#security-warning-cipher");
let sslv3 = $("#security-warning-sslv3");
if (securityInfo.state === "weak") {
cipher.hidden = securityInfo.weaknessReasons.indexOf("cipher") === -1;
sslv3.hidden = securityInfo.weaknessReasons.indexOf("sslv3") === -1;
} else {
cipher.hidden = true;
sslv3.hidden = true;
}
let enabledLabel = L10N.getStr("netmonitor.security.enabled");


@ -523,9 +523,6 @@
class="plain tabpanel-summary-value devtools-monospace cropped-textbox"
flex="1"
readonly="true"/>
<image class="security-warning-icon"
id="security-warning-sslv3"
tooltiptext="&netmonitorUI.security.warning.sslv3;" />
</hbox>
<hbox id="security-ciphersuite"
class="tabpanel-summary-container"


@ -12,25 +12,11 @@ const TEST_CASES = [
desc: "no warnings",
uri: "https://example.com" + CORS_SJS_PATH,
warnCipher: false,
warnSSLv3: false,
},
{
desc: "sslv3 warning",
uri: "https://ssl3.example.com" + CORS_SJS_PATH,
warnCipher: false,
warnSSLv3: true,
},
{
desc: "cipher warning",
uri: "https://rc4.example.com" + CORS_SJS_PATH,
warnCipher: true,
warnSSLv3: false,
},
{
desc: "cipher and sslv3 warning",
uri: "https://ssl3rc4.example.com" + CORS_SJS_PATH,
warnCipher: true,
warnSSLv3: true,
},
];
@ -40,16 +26,14 @@ add_task(function* () {
let { RequestsMenu, NetworkDetails } = NetMonitorView;
RequestsMenu.lazyUpdate = false;
info("Enabling SSLv3 and RC4 for the test.");
info("Enabling RC4 for the test.");
yield new promise(resolve => {
SpecialPowers.pushPrefEnv({"set": [
["security.tls.version.min", 0],
["security.tls.insecure_fallback_hosts", "rc4.example.com,ssl3rc4.example.com"]
["security.tls.insecure_fallback_hosts", "rc4.example.com"]
]}, resolve);
});
let cipher = $("#security-warning-cipher");
let sslv3 = $("#security-warning-sslv3");
for (let test of TEST_CASES) {
info("Testing site with " + test.desc);
@ -73,7 +57,6 @@ add_task(function* () {
}
is(cipher.hidden, !test.warnCipher, "Cipher suite warning is hidden.");
is(sslv3.hidden, !test.warnSSLv3, "SSLv3 warning is hidden.");
RequestsMenu.clear();


@ -11,10 +11,6 @@ let gWebconsoleTests = [
{url: "https://sha1ee.example.com" + TEST_URI_PATH,
name: "SHA1 warning displayed successfully",
warning: ["SHA-1"], nowarning: ["SSL 3.0", "RC4"]},
{url: "https://ssl3.example.com" + TEST_URI_PATH,
name: "SSL3 warning displayed successfully",
pref: [["security.tls.version.min", 0]],
warning: ["SSL 3.0"], nowarning: ["SHA-1", "RC4"]},
{url: "https://rc4.example.com" + TEST_URI_PATH,
name: "RC4 warning displayed successfully",
pref: [["security.tls.insecure_fallback_hosts", "rc4.example.com"]],
@ -23,11 +19,6 @@ let gWebconsoleTests = [
name: "Unrestricted RC4 fallback worked",
pref: [["security.tls.unrestricted_rc4_fallback", true]],
warning: ["RC4"], nowarning: ["SHA-1", "SSL 3.0"]},
{url: "https://ssl3rc4.example.com" + TEST_URI_PATH,
name: "SSL3 and RC4 warning displayed successfully",
pref: [["security.tls.version.min", 0],
["security.tls.insecure_fallback_hosts", "ssl3rc4.example.com"]],
warning: ["SSL 3.0", "RC4"], nowarning: ["SHA-1"]},
{url: "https://sha256ee.example.com" + TEST_URI_PATH,
name: "SSL warnings appropriately not present",
warning: [], nowarning: ["SHA-1", "SSL 3.0", "RC4"]},


@ -1219,11 +1219,6 @@ nsHttpChannel::ProcessSSLInformation()
NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) &&
(state & nsIWebProgressListener::STATE_IS_BROKEN)) {
// Send weak crypto warnings to the web console
if (state & nsIWebProgressListener::STATE_USES_SSL_3) {
nsString consoleErrorTag = NS_LITERAL_STRING("WeakProtocolVersionWarning");
nsString consoleErrorCategory = NS_LITERAL_STRING("SSL");
AddSecurityMessage(consoleErrorTag, consoleErrorCategory);
}
if (state & nsIWebProgressListener::STATE_USES_WEAK_CRYPTO) {
nsString consoleErrorTag = NS_LITERAL_STRING("WeakCipherSuiteWarning");
nsString consoleErrorCategory = NS_LITERAL_STRING("SSL");


@ -515,7 +515,7 @@ let NetworkHelper = {
* If state == broken:
* - errorMessage: full error message from nsITransportSecurityInfo.
* If state == secure:
* - protocolVersion: one of SSLv3, TLSv1, TLSv1.1, TLSv1.2.
* - protocolVersion: one of TLSv1, TLSv1.1, TLSv1.2.
* - cipherSuite: the cipher suite used in this connection.
* - cert: information about certificate used in this connection.
* See parseCertificateInfo for the contents.
@ -689,13 +689,11 @@ let NetworkHelper = {
* @param Number version
* One of nsISSLStatus version constants.
* @return string
* One of SSLv3, TLSv1, TLSv1.1, TLSv1.2 if @param version is valid,
* One of TLSv1, TLSv1.1, TLSv1.2 if @param version is valid,
* Unknown otherwise.
*/
formatSecurityProtocol: function NH_formatSecurityProtocol(version) {
switch (version) {
case Ci.nsISSLStatus.SSL_VERSION_3:
return "SSLv3";
case Ci.nsISSLStatus.TLS_VERSION_1:
return "TLSv1";
case Ci.nsISSLStatus.TLS_VERSION_1_1:
@ -717,9 +715,8 @@ let NetworkHelper = {
* nsITransportSecurityInfo.securityState.
*
* @return Array[String]
* List of weakness reasons. A subset of { cipher, sslv3 } where
* List of weakness reasons. A subset of { cipher } where
* * cipher: The cipher suite is consireded to be weak (RC4).
* * sslv3: The protocol, SSLv3, is weak.
*/
getReasonsForWeakness: function NH_getReasonsForWeakness(state) {
const wpl = Ci.nsIWebProgressListener;
@ -730,17 +727,13 @@ let NetworkHelper = {
let reasons = [];
if (state & wpl.STATE_IS_BROKEN) {
let isSSLV3 = state & wpl.STATE_USES_SSL_3;
let isCipher = state & wpl.STATE_USES_WEAK_CRYPTO;
if (isSSLV3) {
reasons.push("sslv3");
}
if (isCipher) {
reasons.push("cipher");
}
if (!isCipher && !isSSLV3) {
if (!isCipher) {
DevToolsUtils.reportException("NetworkHelper.getReasonsForWeakness",
"STATE_IS_BROKEN without a known reason. Full state was: " + state);
}
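Review bot: In the getReasonsForWeakness hunk, the fallback `if (!isCipher)` now also catches a state that carries STATE_USES_SSL_3, so such a connection would go through DevToolsUtils.reportException as "STATE_IS_BROKEN without a known reason" and yield an empty reasons list. Whether the platform can still set that flag is not visible in this commit, so I would record the intent next to the check, e.g. `// STATE_USES_SSL_3 is deliberately no longer a reason: SSLv3 support was dropped (bug 1106470).` The same applies to formatSecurityProtocol, where the removed SSL_VERSION_3 case presumably now falls through to the documented "Unknown" result. The remaining doc line also carries a typo (`consireded` should be `considered`). The function body starts and ends outside this hunk.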


@ -20,10 +20,6 @@ Object.defineProperty(this, "NetworkHelper", {
const Ci = Components.interfaces;
const TEST_CASES = [
{
description: "SSL_VERSION_3",
input: 0,
expected: "SSLv3"
}, {
description: "TLS_VERSION_1",
input: 1,
expected: "TLSv1"


@ -24,14 +24,6 @@ const TEST_CASES = [
description: "weak cipher",
input: wpl.STATE_IS_BROKEN | wpl.STATE_USES_WEAK_CRYPTO,
expected: ["cipher"]
}, {
description: "weak sslv3 protocol",
input: wpl.STATE_IS_BROKEN | wpl.STATE_USES_SSL_3,
expected: ["sslv3"]
}, {
description: "weak cipher + sslv3",
input: wpl.STATE_IS_BROKEN | wpl.STATE_USES_WEAK_CRYPTO | wpl.STATE_USES_SSL_3,
expected: ["sslv3", "cipher"] // order matters for deepEqual
}, {
description: "only STATE_IS_BROKEN flag",
input: wpl.STATE_IS_BROKEN,