Fix #10607: Show warnings for TLS 1.0 and TLS 1.1 #6574

Merged
merged 1 commit into from
Sep 10, 2020

Contributor

@jumde jumde commented Sep 2, 2020

Resolves brave/brave-browser#10607

Submitter Checklist:

Test Plan:

  1. Navigate to https://tls-v1-1.badssl.com:1011/
  2. Verify a warning is displayed.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes have landed on.
  • All relevant documentation has been updated.

@jumde jumde requested a review from bridiver as a code owner September 2, 2020 20:57
@jumde jumde self-assigned this Sep 2, 2020
@jumde jumde force-pushed the legacy_tls_warnings branch 2 times, most recently from 132a14e to 6c9fa6e Compare September 3, 2020 00:35
@jumde jumde force-pushed the legacy_tls_warnings branch 4 times, most recently from eb02015 to a286e0f Compare September 3, 2020 22:12
Member

@bsclifton bsclifton left a comment

I like this a lot <3


bool SSLConfigServiceMojo::ShouldSuppressLegacyTLSWarning(
const std::string& hostname) const {
+ BRAVE_SHOW_LEGACY_TLS_WARNINGS
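Review bot: The added BRAVE_SHOW_LEGACY_TLS_WARNINGS line at the top of ShouldSuppressLegacyTLSWarning() gives no indication at the call site of what it expands to, so a reader cannot tell whether the function returns before `hostname` is ever consulted. Add a one-line comment above the macro stating what it returns and under which condition, so the control flow of the patched function is visible without opening the macro definition.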
Collaborator

it looks like there are several ways this could be done without patching as discussed in slack

Member

@diracdeltas diracdeltas left a comment

works for me

@jumde jumde force-pushed the legacy_tls_warnings branch 2 times, most recently from 41fd3f8 to 224038e Compare September 9, 2020 06:41
// static
void TLSDeprecationConfigComponentInstallerPolicy::
ReconfigureAfterNetworkRestart() {
base::ThreadPool::PostTaskAndReplyWithResult(
Collaborator

you don't need any of this because you're not doing anything that requires IO

namespace {

std::string LoadEmptyConfig() {
base::ScopedBlockingCall scoped_blocking_call(FROM_HERE,
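Review bot: LoadEmptyConfig() opens with a base::ScopedBlockingCall, which marks the scope as potentially blocking, yet nothing in the visible lines of a function named for producing an empty config reads a file or touches the network. If the body does no I/O, drop the ScopedBlockingCall and return the config directly; if it does, add a comment saying which call blocks.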
Collaborator

@jumde jumde merged commit 328dff6 into master Sep 10, 2020
@jumde jumde deleted the legacy_tls_warnings branch September 10, 2020 17:26
brave-builds pushed a commit that referenced this pull request Sep 10, 2020
@kjozwiak
Member

Reproduced the original issue on macOS 10.15.6 x64 using the following build:

Brave | 1.16.7 Chromium: 85.0.4183.102 (Official Build) nightly (64-bit)
--- | ---
Revision | ffe848af6a5df4fa127e2929331116b7f9f1cb30-refs/branch-heads/4183@{#1770}
OS | macOS Version 10.15.6 (Build 19G73)

Verification PASSED on macOS 10.15.6 x64 using the following build:

Brave | 1.16.9 Chromium: 85.0.4183.102 (Official Build) nightly (64-bit)
-- | --
Revision | ffe848af6a5df4fa127e2929331116b7f9f1cb30-refs/branch-heads/4183@{#1770}
OS | macOS Version 10.15.6 (Build 19G73)

Successfully merging this pull request may close these issues.

Brave accepts TLS 1.0 and TLS 1.1 without any warning!