Brian Smith
2bd47f2cb9
Bug 975229: Remove NSS-based certificate verification, r=keeler
...
--HG--
extra : rebase_source : 49cb20f1b51e2d9993a35decd820764e20ad9be9
2014-06-16 23:13:29 -07:00
Monica Chew
6948373904
Bug 1012882: Restrict pinning to desktop (r=keeler)
2014-06-02 15:06:30 -07:00
Monica Chew
9eb1c9c9de
Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler)
2014-05-13 13:50:13 -07:00
Camilo Viecco
ae2571aa01
Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler
...
--HG--
extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5
2014-05-05 13:59:32 -07:00
Camilo Viecco
71d731b4d8
Bug 915930 - Make mozilla::pkix the default certificate verifier for all (not just desktop) r=briansmith
...
--HG--
extra : rebase_source : 56402e60078298dc64cf5476afda7c95671a7092
2014-04-25 13:22:30 -07:00
David Keeler
93234b4b96
bug 990248 - enable mozilla::pkix by default in Firefox Nightly r=briansmith r=cviecco
2014-03-31 14:41:59 -07:00
Patrick McManus
eed1f67347
Bug 890994: ALPN support for Gecko, r=briansmith
2014-01-14 15:34:23 -05:00
Steffen Wilberg
41c3083073
Bug 937789: Display SSL/TLS cipher suite prefs in about:config again, r=briansmith
...
--HG--
extra : rebase_source : 552f45bd2d854e047b53a90588be91d0d859b2da
2013-12-03 20:00:37 -08:00
Ajitesh Gupta
6b707d4378
Bug 917047: Remove the security.enable_md5_signatures pref, r=briansmith
...
--HG--
extra : rebase_source : ae721bc7f91b399e61c2efb869e15ab902c810e0
2013-11-19 16:05:26 -08:00
Brian Smith
1af2ea48ab
Bug 942729, Part 1: Re-enable TLS False Start, r=mcmanus
...
--HG--
extra : rebase_source : 9908b1cbc3a30e9868739a10a705de8dbf30c5e1
2013-11-20 13:49:33 -08:00
Brian Smith
44c48384aa
Bug 934663: Enable AES-GCM cipher suites; disable SEED, ECDH_*, and FIPS, and DSS+Camellia cipher suites, r=cviecco
...
--HG--
extra : rebase_source : a1542ba09258448e571109bc4aa6423cd9ad616a
2013-11-01 05:20:03 -07:00
Meadhbh Hamrick
873b00084f
Bug 861266: Enable TLS 1.2 by default, r=briansmith
...
--HG--
extra : rebase_source : 4f28724d58791e1ee0e281ff48232f5aaca2048f
2013-11-01 04:48:57 -07:00
Brian Smith
303d322823
Bug 932176: Add preference to control whether OCSP GET is used, off by default, r=cviecco
...
--HG--
extra : rebase_source : 7cbc273155d04bc64a110eda9216c6f727ce0c18
2013-10-24 14:32:09 -07:00
Brian Smith
49651e60b3
Bug 733647: Enable TLS 1.1 by default, r=wtc
...
--HG--
extra : rebase_source : 539406fa06a715e60d84b207a6112257262817f6
2013-10-26 01:01:37 -07:00
Michael Harrison
ba6232742c
Bug 917049 - Remove the security.enable_tls_session_tickets pref. r=keeler
2013-10-22 12:33:00 +01:00
Camilo Viecco
349356e064
Bug 926116 : AES-GCM ciphers now disabled by default. r=bsmith
2013-10-14 13:32:23 -07:00
Camilo Viecco
4253a66de0
Backed out changeset f327334172ab. Bad bug number in comment. Â 926116(good) vs 926166(bad)
2013-10-14 13:24:03 -07:00
Camilo Viecco
bb20752241
Bug 926166: disable aes-gcm ciphers as default. r=bsmith.
2013-10-14 13:11:34 -07:00
Brian Smith
c766c7c19d
Bug 920248: Temporarily disable TLS false start, r=keeler, r=wtc
...
--HG--
extra : rebase_source : 4fc35de2d6e2dc99de11b2a2d0c0f3ebe1de8b97
2013-09-25 12:00:36 -07:00
Camilo Viecco
bbd934ff77
Bug 916226: Enable ecdhe AES128 CGM ciphers in psm now that nss support them. r=bsmith
...
--HG--
extra : rebase_source : 82379823637ef6cda9ffd8765881ff30a76b5b46
2013-09-16 15:43:05 -07:00
Patrick McManus
9c44286c03
bug 658222 - Enable TLS False Start (PSM) r=bsmith
...
--HG--
extra : rebase_source : ac9f77ba73a0a902f4b6aa8d52add7d52efb1b53
2013-06-28 16:58:28 -04:00
David Keeler
cc2926b0a1
bug 700693 - OCSP stapling PSM changes r=bsmith
2013-06-17 16:45:49 -07:00
Ryan VanderMeulen
211dccca9c
Backed out changesets 448ba56d9ba4 and 8cea4b4646ef (bug 700693) for intermittent failures.
2013-06-20 19:50:13 -04:00
David Keeler
296e40dedd
bug 700693 - OCSP stapling PSM changes r=bsmith
2013-06-17 16:45:49 -07:00
Brian Smith
64edf36eaf
Bug 733642: Allow the user to enable any version of TLS that libssl supports, maintaining our current defaults, r=dolske
...
--HG--
extra : rebase_source : 3484236a9d357b70a88387e0f27d3757db79bd4b
2013-04-11 11:02:51 -07:00
Brian Smith
d79b8dcdb8
Bug 799009: Remove unneeded SSL-related security alerts, r=honzab, r=dao
2012-11-10 20:49:44 -08:00
Brian Smith
1da60348ef
Bug 799007: Remove support for low/weak/null cipher suites, r=honzab, r=dao
2012-11-10 20:49:29 -08:00
Brian Smith
87d054d8e5
backout cset b36d5c933092 due to orange
2012-11-10 19:09:07 -08:00
Brian Smith
7781a26273
backout cset 30f8e29f9cd1 due to orange
2012-11-10 19:08:26 -08:00
Brian Smith
d6580050c0
Bug 799009: Remove unneeded SSL-related security alerts, r=honzab, r=dao
...
--HG--
extra : rebase_source : b6216bf3163f63f1eb4f16901943d9f351bca2cf
2012-11-10 18:19:55 -08:00
Brian Smith
cb19bf16cd
Bug 799007: Remove support for low/weak/null cipher suites, r=honzab, r=dao
...
--HG--
extra : rebase_source : 822ef336a5cdeb7d6693dbe46844a26465600854
2012-11-10 18:18:14 -08:00
Brian Smith
8ce6af0cbe
Bug 650355 - Stop accepting MD5 as a hash algorithm in signatures, r=johnath
2012-07-12 15:38:43 -07:00
Gervase Markham
ca171eec44
Bug 716478 - update licence to MPL 2.
2012-05-21 12:12:37 +01:00
Kai Engert
5aece0e7f9
backout bug 650355, r=wtc
2012-05-03 12:38:29 +02:00
Kai Engert
e84250dff4
Bug 650355, Stop accepting MD5 as a hash algorithm in certificate signatures, r=johnath
2012-03-16 16:42:51 +01:00
Kai Engert
38c016dd58
Bug 732390, Add preference to configure acceptance of MD5 in signatures, still accept by default, NSS calls r+=rrelyea, PSM pref code r+=honzab, pref name feedback+=dveditz
2012-03-10 22:18:13 +01:00
Brian Smith
60e886946e
Bug 593077: Remove SSL 2.0 Support and Fortezza Cipher Suites, r=kaie
2011-08-15 22:38:56 -07:00
Ed Morley
d460b89ece
Bug 654552 - Remove WinCE code from netwerk/* ; r=cbiesinger
2011-05-07 10:03:16 +02:00
Wan-Teh Chang
42d2fa87f3
Bug 591523: Disable SSL false start by default.
...
r=sayrer a=blocking2.0:beta7
2010-09-21 14:57:09 -07:00
Wan-Teh Chang
10e2a2f4b6
Bug 580679: remove preference security.ssl.enable_compression because
...
the change to build NSS with NSS_ENABLE_ZLIB=1 was reverted. Will try
again after mozilla 2.0. review+ and approval2.0+ by bsmedberg.
2010-09-02 13:40:19 -07:00
Wan-Teh Chang
17b96c0c9b
Bug 580679: Build NSS with the TLS zlib compression code.
...
Add the security.ssl.enable_compression preference to
enable TLS compression, disabled by default.
r=khuey,kaie,sayrer,ted. approval2.0+ by bsmedberg.
2010-08-12 14:12:05 -07:00
Wan-Teh Chang
3888ee5a98
Bug 583908 - Enable TLS false start in Mozilla. r/a=sayrer. (CLOSED TREE)
2010-08-03 23:36:53 -07:00
Wan-Teh Chang
bced390ee5
bustage fix for test_bug329869.html failure (undo pref flip from bug 583908)
2010-08-02 23:41:11 -07:00
Wan-Teh Chang
fb34c59071
Bug 583908: Enable TLS false start by default. Add the preference
...
security.ssl.enable_false_start to disable it. r=sayrer.
approval2.0+ by sayrer.
2010-08-02 22:10:52 -07:00
Saint Wesonga
f8842ec6aa
Bug 572668. Don't send the useless crypto token in the UA string. r=bzbarsky
2010-07-02 16:56:09 -04:00
Kai Engert
3171f40058
Bug 549641, Firefox raises alarm (in error console) about SSL servers being vulnerable to CVE-2009-3555
...
r=rrelyea, r=honzab
2010-05-03 13:34:16 +02:00
Kai Engert
5e46a26c8d
Bug 535649 - Implement UI around CVE-2009-3555 and draft-rescorla-tls-renegotiation, r=rrelyea
...
== NSS 3.12.6 will block some renegotiation attempts on SSL sockets by default
== This patch does not yet implement new UI by default, but adds 4 new prefs to get fine grained control (blocking/allowing, displaying broken state)
== One of the prefs is a temporary pref that is supposed to go away at some point in the future
2010-02-07 13:09:51 +01:00
Vladimir Vukicevic
8025aafe1c
b=511808, disable Camellia on Windows CE until alignment bug is fixed; r=jduell
2009-08-24 11:07:48 -07:00
Kai Engert
fd9b2056dc
Bug 478839 - Support South Korean SEED crypto cipher suites. r=nelson
2009-08-09 09:19:06 +02:00
Kai Engert
361a0c664d
Bug 431819, IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate
...
(applies to firefox with SSL client auth, too)
r=relyea for an earlier patch that was checked in to mozilla-1.8.x more than a year ago
r=honzab on the diff on top of that earlier patch
a=beltzner for landing on restricted trunk
2009-05-21 00:21:51 +02:00