Bug 1130670 - Remove vestigial RC4 fallback frontend. r?dolske
MozReview-Commit-ID: G0KF4j2OtyY
--- a/browser/base/content/aboutNetError.xhtml
+++ b/browser/base/content/aboutNetError.xhtml
@@ -89,22 +89,16 @@
} catch (e) {
// We probably tried to reload a URI that caused an exception to
// occur; e.g. a nonexistent file.
}
buttonEl.disabled = true;
}
- function doOverride(buttonEl) {
- var event = new CustomEvent("AboutNetErrorOverride", {bubbles:true});
- document.dispatchEvent(event);
- retryThis(buttonEl);
- }
-
function toggleDisplay(node) {
const toggle = {
"": "block",
"none": "block",
"block": "none"
};
return (node.style.display = toggle[node.style.display]);
}
@@ -119,20 +113,19 @@
panel.style.display = "block";
document.getElementById("netErrorButtonContainer").style.display = "none";
document.getElementById("prefResetButton").addEventListener("click", function resetPreferences(e) {
const event = new CustomEvent("AboutNetErrorResetPreferences", {bubbles:true});
document.dispatchEvent(event);
});
}
- function showAdvancedButton(allowOverride) {
+ function showAdvancedButton() {
// Get the hostname and add it to the panel
- var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel";
- var panel = document.getElementById(panelId);
+ var panel = document.getElementById("badCertAdvancedPanel");
for (var span of panel.querySelectorAll("span.hostname")) {
span.textContent = document.location.hostname;
}
if (!gIsCertError) {
panel.replaceChild(document.getElementById("errorLongDesc"),
document.getElementById("advancedLongDesc"));
}
@@ -149,32 +142,26 @@
}
if (panel.style.display == "block") {
// send event to trigger telemetry ping
var event = new CustomEvent("AboutNetErrorUIExpanded", {bubbles:true});
document.dispatchEvent(event);
}
});
-
- if (allowOverride) {
- document.getElementById("overrideWeakCryptoPanel").style.display = "flex";
- var overrideLink = document.getElementById("overrideWeakCrypto");
- overrideLink.addEventListener("click", () => doOverride(overrideLink), false);
- }
}
function initPageCertError() {
document.body.className = "certerror";
document.title = document.getElementById("certErrorPageTitle").textContent;
for (let host of document.querySelectorAll(".hostname")) {
host.textContent = document.location.hostname;
}
- showAdvancedButton(true);
+ showAdvancedButton();
var cssClass = getCSSClass();
if (cssClass == "expertBadCert") {
toggleDisplay(document.getElementById("badCertAdvancedPanel"));
// Toggling the advanced panel must ensure that the debugging
// information panel is hidden as well, since it's opened by the
// error code link in the advanced panel.
var div = document.getElementById("certificateErrorDebugInformation");
@@ -259,20 +246,16 @@
if (err == "sslv3Used") {
document.getElementById("learnMoreContainer").style.display = "block";
let learnMoreLink = document.getElementById("learnMoreLink");
learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-sslv3-error-messages-firefox";
document.body.className = "certerror";
}
- if (err == "weakCryptoUsed") {
- document.body.className = "certerror";
- }
-
// remove undisplayed errors to avoid bug 39098
var errContainer = document.getElementById("errorContainer");
errContainer.parentNode.removeChild(errContainer);
var className = getCSSClass();
if (className && className != "expertBadCert") {
// Associate a CSS class with the root of the page, if one was passed in,
// to allow custom styling.
@@ -298,27 +281,24 @@
if (err == "cspBlocked") {
// Remove the "Try again" button for CSP violations, since it's
// almost certainly useless. (Bug 553180)
document.getElementById("netErrorButtonContainer").style.display = "none";
}
window.addEventListener("AboutNetErrorOptions", function(evt) {
// Pinning errors are of type nssFailure2
- if (getErrorCode() == "nssFailure2" || getErrorCode() == "weakCryptoUsed") {
+ if (getErrorCode() == "nssFailure2") {
document.getElementById("learnMoreContainer").style.display = "block";
let learnMoreLink = document.getElementById("learnMoreLink");
// nssFailure2 also gets us other non-overrideable errors. Choose
// a "learn more" link based on description:
if (getDescription().includes("mozilla_pkix_error_key_pinning_failure")) {
learnMoreLink.href = "https://support.mozilla.org/kb/certificate-pinning-reports";
}
- if (getErrorCode() == "weakCryptoUsed") {
- learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-weak-crypto-error-messages-firefox";
- }
var options = JSON.parse(evt.detail);
if (options && options.enabled) {
var checkbox = document.getElementById("automaticallyReportInFuture");
showCertificateErrorReporting();
if (options.automatic) {
// set the checkbox
checkbox.checked = true;
@@ -338,18 +318,18 @@
"SSL_ERROR_NO_CYPHER_OVERLAP",
"SSL_ERROR_NO_CIPHERS_SUPPORTED"
].some((substring) => getDescription().includes(substring));
// If it looks like an error that is user config based
if (getErrorCode() == "nssFailure2" && hasPrefStyleError && options && options.changedCertPrefs) {
showPrefChangeContainer();
}
}
- if (getErrorCode() == "weakCryptoUsed" || getErrorCode() == "sslv3Used") {
- showAdvancedButton(getErrorCode() == "weakCryptoUsed");
+ if (getErrorCode() == "sslv3Used") {
+ showAdvancedButton();
}
}.bind(this), true, true);
var event = new CustomEvent("AboutNetErrorLoad", {bubbles:true});
document.dispatchEvent(event);
if (err == "inadequateSecurityError") {
// Remove the "Try again" button for HTTP/2 inadequate security as it
@@ -465,18 +445,17 @@
* The certificate is only valid for garage.maemo.org
*/
if (thisHost.endsWith("." + okHost))
link.href = proto + okHost;
// If we set a link, meaning there's something helpful for
// the user here, expand the section by default
if (link.href && getCSSClass() != "expertBadCert") {
- var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel"
- toggleDisplay(document.getElementById(panelId));
+ toggleDisplay(document.getElementById("badCertAdvancedPanel"));
if (gIsCertError) {
// Toggling the advanced panel must ensure that the debugging
// information panel is hidden as well, since it's opened by the
// error code link in the advanced panel.
var div = document.getElementById("certificateErrorDebugInformation");
div.style.display = "none";
}
}
@@ -519,17 +498,16 @@
<h1 id="et_contentEncodingError">&contentEncodingError.title;</h1>
<h1 id="et_unsafeContentType">&unsafeContentType.title;</h1>
<h1 id="et_nssFailure2">&nssFailure2.title;</h1>
<h1 id="et_nssBadCert">&certerror.longpagetitle1;</h1>
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
<h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
<h1 id="et_sslv3Used">&sslv3Used.title;</h1>
- <h1 id="et_weakCryptoUsed">&weakCryptoUsed.title;</h1>
<h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
</div>
<div id="errorDescriptionsContainer">
<div id="ed_generic">&generic.longDesc;</div>
<div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div>
<div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
<div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div>
<div id="ed_malformedURI">&malformedURI.longDesc;</div>
@@ -548,17 +526,16 @@
<div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div>
<div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div>
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
<div id="ed_nssBadCert">&certerror.introPara;</div>
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
<div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
<div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
- <div id="ed_weakCryptoUsed">&weakCryptoUsed.longDesc2;</div>
<div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
</div>
</div>
<!-- PAGE CONTAINER (for styling purposes only) -->
<div id="errorPageContainer" class="container">
<!-- Error Title -->
@@ -622,26 +599,16 @@
<div id="certificateErrorReporting">
<p class="toggle-container-with-text">
<input type="checkbox" id="automaticallyReportInFuture" />
<label for="automaticallyReportInFuture" id="automaticallyReportInFuture">&errorReporting.automatic2;</label>
</p>
</div>
<div id="advancedPanelContainer">
- <div id="weakCryptoAdvancedPanel" class="advanced-panel">
- <div id="weakCryptoAdvancedDescription">
- <p>&weakCryptoAdvanced.longDesc;</p>
- </div>
- <div id="advancedLongDesc" />
- <div id="overrideWeakCryptoPanel">
- <a id="overrideWeakCrypto" href="#">&weakCryptoAdvanced.override;</a>
- </div>
- </div>
-
<div id="badCertAdvancedPanel" class="advanced-panel">
<p id="badCertTechnicalInfo"/>
<button id="exceptionDialogButton">&securityOverride.exceptionButtonLabel;</button>
</div>
</div>
</div>
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2743,30 +2743,28 @@ var BrowserOnClick = {
let mm = window.messageManager;
mm.addMessageListener("Browser:CertExceptionError", this);
mm.addMessageListener("Browser:SiteBlockedError", this);
mm.addMessageListener("Browser:EnableOnlineMode", this);
mm.addMessageListener("Browser:SendSSLErrorReport", this);
mm.addMessageListener("Browser:SetSSLErrorReportAuto", this);
mm.addMessageListener("Browser:ResetSSLPreferences", this);
mm.addMessageListener("Browser:SSLErrorReportTelemetry", this);
- mm.addMessageListener("Browser:OverrideWeakCrypto", this);
mm.addMessageListener("Browser:SSLErrorGoBack", this);
},
uninit: function() {
let mm = window.messageManager;
mm.removeMessageListener("Browser:CertExceptionError", this);
mm.removeMessageListener("Browser:SiteBlockedError", this);
mm.removeMessageListener("Browser:EnableOnlineMode", this);
mm.removeMessageListener("Browser:SendSSLErrorReport", this);
mm.removeMessageListener("Browser:SetSSLErrorReportAuto", this);
mm.removeMessageListener("Browser:ResetSSLPreferences", this);
mm.removeMessageListener("Browser:SSLErrorReportTelemetry", this);
- mm.removeMessageListener("Browser:OverrideWeakCrypto", this);
mm.removeMessageListener("Browser:SSLErrorGoBack", this);
},
handleEvent: function(event) {
if (!event.isTrusted || // Don't trust synthetic events
event.button == 2) {
return;
}
@@ -2820,23 +2818,16 @@ var BrowserOnClick = {
}
Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI").add(bin);
break;
case "Browser:SSLErrorReportTelemetry":
let reportStatus = msg.data.reportStatus;
Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI")
.add(reportStatus);
break;
- case "Browser:OverrideWeakCrypto":
- let weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
- .getService(Ci.nsIWeakCryptoOverride);
- weakCryptoOverride.addWeakCryptoOverride(
- msg.data.uri.host,
- PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser));
- break;
case "Browser:SSLErrorGoBack":
goBackFromErrorPage();
break;
}
},
onSSLErrorReport: function(browser, uri, securityInfo) {
if (!Services.prefs.getBoolPref("security.ssl.errorReporting.enabled")) {
@@ -6825,17 +6816,16 @@ var gIdentityHandler = {
// Then, update the user interface with the available data.
this.refreshIdentityBlock();
// Handle a location change while the Control Center is focused
// by closing the popup (bug 1207542)
if (shouldHidePopup) {
this._identityPopup.hidePopup();
}
- this.showWeakCryptoInfoBar();
// NOTE: We do NOT update the identity popup (the control center) when
// we receive a new security state on the existing page (i.e. from a
// subframe). If the user opened the popup and looks at the provided
// information we don't want to suddenly change the panel contents.
},
/**
@@ -7015,65 +7005,16 @@ var gIdentityHandler = {
// Set cropping and direction
this._identityIconLabel.crop = icon_country_label ? "end" : "center";
this._identityIconLabel.parentNode.style.direction = icon_labels_dir;
// Hide completely if the organization label is empty
this._identityIconLabel.parentNode.collapsed = icon_label ? false : true;
},
/**
- * Show the weak crypto notification bar.
- */
- showWeakCryptoInfoBar() {
- if (!this._uriHasHost || !this._isBroken || !this._sslStatus.cipherName ||
- this._sslStatus.cipherName.indexOf("_RC4_") < 0) {
- return;
- }
-
- let notificationBox = gBrowser.getNotificationBox();
- let notification = notificationBox.getNotificationWithValue("weak-crypto");
- if (notification) {
- return;
- }
-
- let brandBundle = document.getElementById("bundle_brand");
- let brandShortName = brandBundle.getString("brandShortName");
- let message = gNavigatorBundle.getFormattedString("weakCryptoOverriding.message",
- [brandShortName]);
-
- let host = this._uri.host;
- let port = 443;
- try {
- if (this._uri.port > 0) {
- port = this._uri.port;
- }
- } catch (e) {}
-
- let buttons = [{
- label: gNavigatorBundle.getString("revokeOverride.label"),
- accessKey: gNavigatorBundle.getString("revokeOverride.accesskey"),
- callback: function(aNotification, aButton) {
- try {
- let weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
- .getService(Ci.nsIWeakCryptoOverride);
- weakCryptoOverride.removeWeakCryptoOverride(host, port,
- PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser));
- BrowserReloadWithFlags(nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE);
- } catch (e) {
- Cu.reportError(e);
- }
- }
- }];
-
- const priority = notificationBox.PRIORITY_WARNING_MEDIUM;
- notificationBox.appendNotification(message, "weak-crypto", null,
- priority, buttons);
- },
-
- /**
* Set up the title and content messages for the identity message popup,
* based on the specified mode, and the details of the SSL cert, where
* applicable
*/
refreshIdentityPopup() {
// Update "Learn More" for Mixed Content Blocking and Insecure Login Forms.
let baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL");
this._identityPopupMixedContentLearnMore
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -346,19 +346,16 @@ var AboutNetAndCertErrorListener = {
switch (aEvent.type) {
case "AboutNetErrorLoad":
this.onPageLoad(aEvent);
break;
case "AboutNetErrorSetAutomatic":
this.onSetAutomatic(aEvent);
break;
- case "AboutNetErrorOverride":
- this.onOverride(aEvent);
- break;
case "AboutNetErrorResetPreferences":
this.onResetPreferences(aEvent);
break;
}
},
changedCertPrefs: function() {
for (let prefName of PREF_SSL_IMPACT) {
@@ -405,21 +402,16 @@ var AboutNetAndCertErrorListener = {
let {host, port} = content.document.mozDocumentURIIfNotForErrorPages;
sendAsyncMessage("Browser:SendSSLErrorReport", {
uri: { host, port },
securityInfo: getSerializedSecurityInfo(docShell),
});
}
},
-
- onOverride: function(evt) {
- let {host, port} = content.document.mozDocumentURIIfNotForErrorPages;
- sendAsyncMessage("Browser:OverrideWeakCrypto", { uri: {host, port} });
- }
}
AboutNetAndCertErrorListener.init(this);
var ClickEventHandler = {
init: function init() {
Cc["@mozilla.org/eventlistenerservice;1"]
--- a/browser/base/content/test/general/browser_misused_characters_in_strings.js
+++ b/browser/base/content/test/general/browser_misused_characters_in_strings.js
@@ -13,24 +13,16 @@ let gWhitelist = [{
key: "searchForSomethingWith",
type: "single-quote"
}, {
file: "netError.dtd",
key: "certerror.introPara",
type: "single-quote"
}, {
file: "netError.dtd",
- key: "weakCryptoAdvanced.longDesc",
- type: "single-quote"
- }, {
- file: "netError.dtd",
- key: "weakCryptoAdvanced.override",
- type: "single-quote"
- }, {
- file: "netError.dtd",
key: "inadequateSecurityError.longDesc",
type: "single-quote"
}, {
file: "netError.dtd",
key: "certerror.wrongSystemTime",
type: "single-quote"
}, {
file: "phishing-afterload-warning-message.dtd",
--- a/browser/locales/en-US/chrome/browser/browser.properties
+++ b/browser/locales/en-US/chrome/browser/browser.properties
@@ -696,21 +696,16 @@ userContext.aboutPage.accesskey = O
userContextOpenLink.label = Open Link in New %S Tab
muteTab.label = Mute Tab
muteTab.accesskey = M
unmuteTab.label = Unmute Tab
unmuteTab.accesskey = M
-# LOCALIZATION NOTE (weakCryptoOverriding.message): %S is brandShortName
-weakCryptoOverriding.message = %S recommends that you don’t enter your password, credit card and other personal information on this website.
-revokeOverride.label = Don’t Trust This Website
-revokeOverride.accesskey = D
-
# LOCALIZATION NOTE (certErrorDetails*.label): These are text strings that
# appear in the about:certerror page, so that the user can copy and send them to
# the server administrators for troubleshooting.
certErrorDetailsHSTS.label = HTTP Strict Transport Security: %S
certErrorDetailsKeyPinning.label = HTTP Public Key Pinning: %S
certErrorDetailsCertChain.label = Certificate chain:
# LOCALIZATION NOTE (pendingCrashReports2.label): Semi-colon list of plural forms
--- a/browser/locales/en-US/chrome/overrides/appstrings.properties
+++ b/browser/locales/en-US/chrome/overrides/appstrings.properties
@@ -33,11 +33,9 @@ externalProtocolLaunchBtn=Launch applica
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences.
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired.
remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
-## LOCALIZATION NOTE (weakCryptoUsed) - Do not translate "%S".
-weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
inadequateSecurityError=The website tried to negotiate an inadequate level of security.
--- a/browser/locales/en-US/chrome/overrides/netError.dtd
+++ b/browser/locales/en-US/chrome/overrides/netError.dtd
@@ -184,24 +184,16 @@ was trying to connect. -->
<!ENTITY remoteXUL.title "Remote XUL">
<!ENTITY remoteXUL.longDesc "<p><ul><li>Please contact the website owners to inform them of this problem.</li></ul></p>">
<!ENTITY sslv3Used.title "Unable to Connect Securely">
<!-- LOCALIZATION NOTE (sslv3Used.longDesc2) - Do not translate
"SSL_ERROR_UNSUPPORTED_VERSION". -->
<!ENTITY sslv3Used.longDesc2 "Advanced info: SSL_ERROR_UNSUPPORTED_VERSION">
-<!ENTITY weakCryptoUsed.title "Your connection is not secure">
-<!-- LOCALIZATION NOTE (weakCryptoUsed.longDesc2) - Do not translate
- "SSL_ERROR_NO_CYPHER_OVERLAP". -->
-<!ENTITY weakCryptoUsed.longDesc2 "Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP">
-<!ENTITY weakCryptoAdvanced.title "Advanced">
-<!ENTITY weakCryptoAdvanced.longDesc "<span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe.">
-<!ENTITY weakCryptoAdvanced.override "(Not secure) Try loading <span class='hostname'></span> using outdated security">
-
<!-- LOCALIZATION NOTE (certerror.wrongSystemTime) - The <span id='..' /> tags will be injected with actual values,
please leave them unchanged. -->
<!ENTITY certerror.wrongSystemTime "<p>A secure connection to <span id='wrongSystemTime_URL'/> isn’t possible because your clock appears to show the wrong time.</p> <p>Your computer thinks it is <span id='wrongSystemTime_systemDate'/>, when it should be <span id='wrongSystemTime_actualDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>">
<!ENTITY certerror.pagetitle1 "Insecure Connection">
<!ENTITY certerror.whatShouldIDo.badStsCertExplanation "This site uses HTTP
Strict Transport Security (HSTS) to specify that &brandShortName; may only connect
to it securely. As a result, it is not possible to add an exception for this