* the certificates were regenerated using ./mach generate-test-certs
* the build/pgo/certs/ changes were made using ./mach python build/pgo/genpgocert.py
* the zip files in security/manager/ssl/tests/unit/test_signed_apps/ were updated per the directions in the corresponding moz.build file
* security/manager/ssl/tests/unit/test_cert_override_read.js was updated per the instructions in its output
* this text was copied and updated from the previous regeneration bug, bug 1874627
These certificates and other test artifacts will now expire in 2026.
* the certificates were regenerated using `./mach generate-test-certs`
* the build/pgo/certs/ changes were made using
`./mach python build/pgo/genpgocert.py`
* the zip files in security/manager/ssl/tests/unit/test_signed_apps/ were
updated per the directions in the corresponding moz.build file
* security/manager/ssl/tests/unit/test_cert_override_read.js needed manual
updating
These certificates and other test artifacts will now expire in 2025.
Differential Revision: https://phabricator.services.mozilla.com/D198727
If a TLS server asks for a client authentication certificate, no dialog asking
the user to select one should be shown until the server's certificate verifies
successfully.
Differential Revision: https://phabricator.services.mozilla.com/D175170
If a TLS server asks for a client authentication certificate, no dialog asking
the user to select one should be shown until the server's certificate verifies
successfully.
Differential Revision: https://phabricator.services.mozilla.com/D175170
* the certificates were regenerated using `./mach generate-test-certs`
* the build/pgo/certs/ changes were made using
`./mach python build/pgo/genpgocert.py`
* the zip files in security/manager/ssl/tests/unit/test_signed_apps/ were
updated per the directions in the corresponding moz.build file
* security/manager/ssl/tests/unit/test_cert_override_read.js needed manual
updating
Differential Revision: https://phabricator.services.mozilla.com/D135283
Having 3 regular domains to test fission scenarios will help migrating to https-first for DevTools mochitests.
example.org and example.com are both available in http and https, but example.net is only available in http for now.
This patch was created by adding https://example.net to build/pgo/server-locations.txt and then running `./mach python build/pgo/genpgocert.py`
Differential Revision: https://phabricator.services.mozilla.com/D127922
This patch updates ssltunnel to have a configuration where it only uses a 3DES
ciphersuite, rather than RC4 ciphersuites. This has to be done in stages
because otherwise android tests will fail, because their hostutils doesn't
actually use what's in-tree, and has to be updated separately.
Differential Revision: https://phabricator.services.mozilla.com/D122393
Chrome has removed 3DES completely[0], but we're still seeing some uses of it
in telemetry. Our assumption is that this is either due to old devices that
can't be upgraded, and hence probably use TLS 1.0, or servers that bafflingly
choose 3DES when there are other, better, ciphersuites in common.
This patch allows 3DES to only be enabled when deprecated versions of TLS are
enabled. This should protect users against the latter case (where 3DES is
unnecessary) while allowing them to use it in the former case (where it may be
necessary).
NB: The only 3DES ciphersuite gecko makes possible to enable is
TLS_RSA_WITH_3DES_EDE_CBC_SHA. This patch also changes the preference
corresponding to this ciphersuite from "security.ssl3.rsa_des_ede3_sha" to
"security.ssl3.deprecated.rsa_des_ede3_sha".
[0] https://www.chromestatus.com/feature/6678134168485888
Differential Revision: https://phabricator.services.mozilla.com/D121797
Adds secureonly.example.com:443 to server-locations.txt - this host is only available on HTTPS.
Regenerates certs using `./mach python build/pgo/genpgocert.py` command.
Sets network.dns.native-is-localhost pref in test so we don't trigger assertion.
Differential Revision: https://phabricator.services.mozilla.com/D94005
WebAuthn needs to write a test to confirm it's prohibited when accessed via
an IP address. This adds the capability to get a SecureContext for an IP host.
It uses 127.0.0.2 so as to bypass restrictions on 127.0.0.1, and the use of .1
as a special-marker in ssltunnel.
Differential Revision: https://phabricator.services.mozilla.com/D63570