Mercurial > mozreview > gecko / changeset / 556eb45db653b6d90d1078d89fe9c9c2d827aa4d
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1386754 - Deprecate 3DES on nightly builds r?dveditz draft
authorJ.C. Jones <jjones@mozilla.com>
Wed, 02 Aug 2017 11:03:39 -0700
changeset 620033 556eb45db653b6d90d1078d89fe9c9c2d827aa4d
parent 619581 52285ea5e54c73d3ed824544cef2ee3f195f05e6
child 640568 9072c3167590f740ab27077eb433ae186333c108
push id71896
push userbmo:jjones@mozilla.com
push dateWed, 02 Aug 2017 23:55:35 +0000
reviewersdveditz
bugs1386754
milestone57.0a1
Bug 1386754 - Deprecate 3DES on nightly builds r?dveditz 3DES usage is well below 1% [1]. A recent TLS Canary run with "security.ssl3.rsa_des_ede3_sha" disabled showed 825 of 500,000 sites being affected by deprecating 3DES [2]. This starts the deprecation by disabling the 3DES cipher suite preference in nightly builds. [1] https://mzl.la/2uNt0BP [2] https://tlscanary.mozilla.org/runs/2017-08-01-17-07-49/ MozReview-Commit-ID: C9cobeOqGLj
security/manager/ssl/security-prefs.js file | annotate | diff | comparison | revisions 
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -23,17 +23,22 @@ pref("security.ssl3.ecdhe_rsa_aes_256_gc
 pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
 pref("security.ssl3.dhe_rsa_aes_128_sha", true);
 pref("security.ssl3.dhe_rsa_aes_256_sha", true);
 pref("security.ssl3.rsa_aes_128_sha", true);
 pref("security.ssl3.rsa_aes_256_sha", true);
+// Deprecate 3DES on nightly builds, Bug 1386754
+#ifdef RELEASE_OR_BETA
 pref("security.ssl3.rsa_des_ede3_sha", true);
+#else
+pref("security.ssl3.rsa_des_ede3_sha", false);
+#endif
 
 pref("security.content.signature.root_hash",
      "97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E");
 
 pref("security.default_personal_cert",   "Ask Every Time");
 pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);
 pref("security.password_lifetime",       30);
gecko
Deployed from af051c2a8da7 at 2024-04-29T16:08:03Z.