Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | Support longer (up to RFC maximum) HKDF outputs | wolfbeast | 2019-10-24 | -8/+25 |
| | | | | | | HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary. | |||
* | Properly implement various HSTS states. | wolfbeast | 2019-09-05 | -16/+27 |
| | | | | | | | | Previously, HSTS preload list values could be overridden temporarily due to counter-intuitive behavior of the API's removeState function. This adds an explicit flag to the API for writing knockout values to the Site Security Service, with the default resetting to whatever the preload list state is. | |||
* | Update NSS version. | wolfbeast | 2019-07-17 | -7/+6 |
| | ||||
* | Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 | wolfbeast | 2019-07-17 | -0/+20 |
| | | | | This is a spec compliance issue. | |||
* | Don't unnecessarily strip leading 0's from key material during PKCS11 import. | wolfbeast | 2019-07-17 | -18/+30 |
| | ||||
* | Apply better input checking discipline. | wolfbeast | 2019-07-17 | -7/+22 |
| | ||||
* | Change softoken password rounds to a more conservative number still | wolfbeast | 2019-07-03 | -2/+2 |
| | | | | | within industry standard security, considering our db hashing is more CPU intensive than anticipated. | |||
* | Merge pull request #1143 from trav90/master | New Tobin Paradigm | 2019-06-26 | -4115/+6505 |
|\ | | | | | Update HSTS preload list | |||
| * | Update HSTS preload list | trav90 | 2019-06-26 | -4115/+6505 |
| | | | | | | | | Tag #447 | |||
* | | Update NSS to 3.41.1 (custom) | wolfbeast | 2019-06-27 | -49/+218 |
|/ | | | | This resolves #82 | |||
* | Revert "Update NSS to 3.41.1 (custom)" | wolfbeast | 2019-06-26 | -213/+45 |
| | | | | This reverts commit fbc2eaacd679f0c484993ffe23d786fd06da22c3. | |||
* | Update NSS to 3.41.1 (custom) | wolfbeast | 2019-06-26 | -45/+213 |
| | | | | This resolves #82 | |||
* | Update HSTS preload list | wolfbeast | 2019-05-28 | -8368/+16300 |
| | | | | Tag #447 | |||
* | Issue #1053 - Drop support Android and remove Fennec - Part 1b: Remove ↵ | Matt A. Tobin | 2019-04-23 | -1/+1 |
| | | | | MOZ_FENNEC | |||
* | Remove SecurityUI telemetry. | adeshkp | 2019-04-21 | -171/+0 |
| | ||||
* | Fix order of member variables in a couple of initializer lists | adeshkp | 2019-03-14 | -1/+1 |
| | ||||
* | Update HSTS preload list | trav90 | 2019-01-31 | -2982/+5618 |
| | | | | Tag #447 | |||
* | Fix check for HSTS when service is disabled. | Ascrod | 2019-01-17 | -1/+1 |
| | ||||
* | Add preference for fully disabling HSTS. | Ascrod | 2019-01-16 | -0/+25 |
| | ||||
* | Remove a pointless `switch` after telemetry cleanup | adeshkp | 2019-01-14 | -14/+0 |
| | ||||
* | Telemetry: Remove stubs and related code | adeshkp | 2019-01-12 | -837/+18 |
| | ||||
* | Update HSTS preload list | trav90 | 2019-01-02 | -1989/+1978 |
| | | | | Tag #447 | |||
* | Update HSTS preload list | trav90 | 2018-12-15 | -2240/+3430 |
| | | | | Tag #447 | |||
* | Update NSS to 3.41 | wolfbeast | 2018-12-15 | -8328/+47108 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-11-27 | -2835/+4530 |
| | | | | Tag #447 | |||
* | Remove AccumulateCipherSuite() | wolfbeast | 2018-11-08 | -71/+2 |
| | | | | This resolves #858 | |||
* | Remove ancient workaround in client certificate code | wolfbeast | 2018-11-02 | -57/+1 |
| | | | | | | | | Apparently a prehistoric server implementation would send a certificate_authorities field that didn't include the outer DER SEQUENCE tag, so PSM attempted to detect this and work around it. This prehistoric server implementation isn't in use anywhere anymore, so this 18-yo server bug workaround can be removed. | |||
* | Make sure nsNSSCertList handling checks for valid certs. | wolfbeast | 2018-11-02 | -3/+36 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-10-27 | -1940/+3077 |
| | | | | Tag #447 | |||
* | Update HSTS preload list | trav90 | 2018-10-12 | -1500/+2523 |
| | | | | Tag #447 | |||
* | Ensure we got an nsISSLStatus when deserializing in TransportSecurityInfo. | wolfbeast | 2018-10-04 | -1/+92 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-09-29 | -1907/+2923 |
| | | | | Tag #447 | |||
* | Get rid of the incorrect mechanism to remove insecure fallback hosts. | wolfbeast | 2018-09-29 | -12/+0 |
| | | | | This fixes #797. | |||
* | Update HSTS preload list | trav90 | 2018-09-11 | -1799/+3198 |
| | | | | Tag #447 | |||
* | Remove all C++ Telemetry Accumulation calls. | wolfbeast | 2018-09-03 | -295/+4 |
| | | | | | This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables). Stub resolution/removal should be a follow-up to this. | |||
* | Remove support for TLS session caches in TLSServerSocket. | wolfbeast | 2018-09-01 | -15/+0 |
| | | | | This resolves #738 | |||
* | Update HSTS preload list | trav90 | 2018-08-27 | -2462/+4464 |
| | | | | Tag #447 | |||
* | Fix missed in32->int64 in df852120098dc7ba5df4a76126c6297c6d2d1b7b | wolfbeast | 2018-08-17 | -1/+1 |
| | | | | Tag #709. | |||
* | Reinstate RC4 and mark 3DES weak. | wolfbeast | 2018-08-17 | -1/+7 |
| | | | | Tag #709 | |||
* | Extend {EnabledWeakCiphers} bit field to allow more cipher suites. | wolfbeast | 2018-08-17 | -8/+8 |
| | | | | Tag #709. | |||
* | Update NSS to 3.38 | wolfbeast | 2018-08-14 | -7139/+4861 |
| | | | | | | | | | | | | | - Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code. | |||
* | Update HSTS preload list | trav90 | 2018-08-01 | -1735/+1719 |
| | | | | Tag #447 | |||
* | replace "certErrorCodePrefix2" with "certErrorCodePrefix" | yami | 2018-07-22 | -4/+3 |
| | ||||
* | Remove incorrect debug assertion. | wolfbeast | 2018-07-22 | -9/+1 |
| | | | | solves #631, solves #664 | |||
* | Update HSTS preload list | trav90 | 2018-07-17 | -2555/+4080 |
| | | | | Tag #447 | |||
* | Merge branch 'ported-upstream' | wolfbeast | 2018-07-02 | -2/+3 |
|\ | ||||
| * | Don't leak newTemplate in pk11_copyAttributes() | wolfbeast | 2018-07-01 | -2/+3 |
| | | | | | | | | Cherry-pick of NSS fix from 3.37 | |||
* | | Remove SSL Error Reporting telemetry | wolfbeast | 2018-06-29 | -136/+0 |
|/ | ||||
* | Update HSTS preload list | trav90 | 2018-06-21 | -1865/+2637 |
| | | | | Tag #447 | |||
* | Fix SSL status ambiguity. | wolfbeast | 2018-06-20 | -6/+25 |
| | | | | | - Adds CipherSuite string with the full suite - Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does. |