gecko-dev/build/pgo
Dana Keeler 3b68845290 Bug 1724072 - allow enabling 3DES only when deprecated versions of TLS are enabled r=rmf
Chrome has removed 3DES completely[0], but we're still seeing some uses of it
in telemetry. Our assumption is that this is either due to old devices that
can't be upgraded, and hence probably use TLS 1.0, or servers that bafflingly
choose 3DES when there are other, better, ciphersuites in common.
This patch allows 3DES to only be enabled when deprecated versions of TLS are
enabled. This should protect users against the latter case (where 3DES is
unnecessary) while allowing them to use it in the former case (where it may be
necessary).

NB: The only 3DES ciphersuite gecko makes possible to enable is
TLS_RSA_WITH_3DES_EDE_CBC_SHA. This patch also changes the preference
corresponding to this ciphersuite from "security.ssl3.rsa_des_ede3_sha" to
"security.ssl3.deprecated.rsa_des_ede3_sha".

[0] https://www.chromestatus.com/feature/6678134168485888

Differential Revision: https://phabricator.services.mozilla.com/D121797
2021-08-24 01:25:07 +00:00
..
blueprint
certs Bug 1724072 - replace RC4 capabilities in ssltunnel with 3DES r=rmf 2021-08-18 20:20:12 +00:00
js-input
favicon.ico
genpgocert.py Bug 1699294 - add 'mach generate-test-certs' command to generate test certificate and key artifacts r=glandium 2021-04-14 22:24:11 +00:00
index.html Bug 1641108 - Add perf-reftest-singleton for bug 1640545 changes. r=emilio,perftest-reviewers,sparky 2020-05-27 12:01:53 +00:00
profileserver.py Bug 1654103: Standardize on Black for Python code in `mozilla-central`. 2020-10-26 18:34:53 +00:00
server-locations.txt Bug 1724072 - allow enabling 3DES only when deprecated versions of TLS are enabled r=rmf 2021-08-24 01:25:07 +00:00