Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | Remove AccumulateCipherSuite() | wolfbeast | 2018-11-08 | -71/+2 |
| | | | | This resolves #858 | |||
* | Remove ancient workaround in client certificate code | wolfbeast | 2018-11-02 | -57/+1 |
| | | | | | | | | Apparently a prehistoric server implementation would send a certificate_authorities field that didn't include the outer DER SEQUENCE tag, so PSM attempted to detect this and work around it. This prehistoric server implementation isn't in use anywhere anymore, so this 18-yo server bug workaround can be removed. | |||
* | Make sure nsNSSCertList handling checks for valid certs. | wolfbeast | 2018-11-02 | -3/+36 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-10-27 | -1940/+3077 |
| | | | | Tag #447 | |||
* | Update HSTS preload list | trav90 | 2018-10-12 | -1500/+2523 |
| | | | | Tag #447 | |||
* | Ensure we got an nsISSLStatus when deserializing in TransportSecurityInfo. | wolfbeast | 2018-10-04 | -1/+92 |
| | ||||
* | Update HSTS preload list | trav90 | 2018-09-29 | -1907/+2923 |
| | | | | Tag #447 | |||
* | Get rid of the incorrect mechanism to remove insecure fallback hosts. | wolfbeast | 2018-09-29 | -12/+0 |
| | | | | This fixes #797. | |||
* | Update HSTS preload list | trav90 | 2018-09-11 | -1799/+3198 |
| | | | | Tag #447 | |||
* | Remove all C++ Telemetry Accumulation calls. | wolfbeast | 2018-09-03 | -295/+4 |
| | | | | | This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables). Stub resolution/removal should be a follow-up to this. | |||
* | Remove support for TLS session caches in TLSServerSocket. | wolfbeast | 2018-09-01 | -15/+0 |
| | | | | This resolves #738 | |||
* | Update HSTS preload list | trav90 | 2018-08-27 | -2462/+4464 |
| | | | | Tag #447 | |||
* | Fix missed in32->int64 in df852120098dc7ba5df4a76126c6297c6d2d1b7b | wolfbeast | 2018-08-17 | -1/+1 |
| | | | | Tag #709. | |||
* | Reinstate RC4 and mark 3DES weak. | wolfbeast | 2018-08-17 | -1/+7 |
| | | | | Tag #709 | |||
* | Extend {EnabledWeakCiphers} bit field to allow more cipher suites. | wolfbeast | 2018-08-17 | -8/+8 |
| | | | | Tag #709. | |||
* | Update NSS to 3.38 | wolfbeast | 2018-08-14 | -7139/+4861 |
| | | | | | | | | | | | | | - Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code. | |||
* | Update HSTS preload list | trav90 | 2018-08-01 | -1735/+1719 |
| | | | | Tag #447 | |||
* | replace "certErrorCodePrefix2" with "certErrorCodePrefix" | yami | 2018-07-22 | -4/+3 |
| | ||||
* | Remove incorrect debug assertion. | wolfbeast | 2018-07-22 | -9/+1 |
| | | | | solves #631, solves #664 | |||
* | Update HSTS preload list | trav90 | 2018-07-17 | -2555/+4080 |
| | | | | Tag #447 | |||
* | Merge branch 'ported-upstream' | wolfbeast | 2018-07-02 | -2/+3 |
|\ | ||||
| * | Don't leak newTemplate in pk11_copyAttributes() | wolfbeast | 2018-07-01 | -2/+3 |
| | | | | | | | | Cherry-pick of NSS fix from 3.37 | |||
* | | Remove SSL Error Reporting telemetry | wolfbeast | 2018-06-29 | -136/+0 |
|/ | ||||
* | Update HSTS preload list | trav90 | 2018-06-21 | -1865/+2637 |
| | | | | Tag #447 | |||
* | Fix SSL status ambiguity. | wolfbeast | 2018-06-20 | -6/+25 |
| | | | | | - Adds CipherSuite string with the full suite - Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does. | |||
* | Update NSS to 3.36.4-RTM | JustOff | 2018-06-11 | -5825/+5550 |
| | ||||
* | [PALEMOON] Add missed strings required by page info | JustOff | 2018-06-08 | -1/+3 |
| | ||||
* | Merge pull request #461 from trav90/HSTS | Moonchild | 2018-06-07 | -64341/+42935 |
|\ | | | | | Improve HSTS preload list generation | |||
| * | Regenerate the HSTS preload list | trav90 | 2018-06-07 | -64270/+42907 |
| | | ||||
| * | Restore clearly-delimited format for the HSTS preload list | trav90 | 2018-06-06 | -65/+23 |
| | | ||||
| * | Increase concurrent lookups to 15 when generating HSTS preload list | trav90 | 2018-06-05 | -1/+1 |
| | | ||||
| * | Update HSTS preload list generation script | trav90 | 2018-06-05 | -5/+4 |
| | | | | | | | | | | | | | | | | Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL. New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list. The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser. Bonus: it keeps our HSTS preload list lean. | |||
* | | Request NSS to use DBM as the storage file format | JustOff | 2018-06-06 | -5/+17 |
| | | ||||
* | | Revert "Restore NSS default storage file format to DBM when no prefix is given." | wolfbeast | 2018-06-06 | -98/+4 |
| | | | | | | | | This reverts commit b2c78bbf83f75bf034028814329fdd43b6bfe885. | |||
* | | Restore NSS default storage file format to DBM when no prefix is given.NSS_3.35_TEST | wolfbeast | 2018-06-05 | -4/+98 |
| | | ||||
* | | Update NSS to 3.35-RTM | wolfbeast | 2018-06-05 | -15971/+34294 |
|/ | ||||
* | Remove support and tests for HSTS priming from the tree. Fixes #384 | Gaming4JC | 2018-05-26 | -17/+0 |
| | ||||
* | Remove MOZ_WIDGET_GONK [1/2] | wolfbeast | 2018-05-12 | -6/+0 |
| | | | | Tag #288 | |||
* | Nuke the sandbox | wolfbeast | 2018-05-03 | -87958/+0 |
| | ||||
* | Remove sandbox ductwork conditional code. | wolfbeast | 2018-05-03 | -6/+0 |
| | ||||
* | Remove GMP sandbox code. | wolfbeast | 2018-05-02 | -206/+0 |
| | ||||
* | Remove content process sandbox code. | wolfbeast | 2018-05-02 | -823/+0 |
| | ||||
* | Fix unsafe "instanceof" negations | janekptacijarabaci | 2018-05-02 | -3/+0 |
| | | | | https://github.com/MoonchildProductions/Pale-Moon/pull/1173 | |||
* | Partially revert 1ef526f0f - sftkpwd.c | Matt A. Tobin | 2018-04-26 | -2/+2 |
| | | | | #82 #265 | |||
* | Revert "Update NSS to 3.35-RTM" | wolfbeast | 2018-04-25 | -34294/+15971 |
| | | | | This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94. | |||
* | moebius#119: (Windows) Security - Certificate Stores - NSSCertDBTrustDomain ↵ | janekptacijarabaci | 2018-04-23 | -6/+31 |
| | | | | | | allows end-entities to be their own trust anchors https://github.com/MoonchildProductions/moebius/pull/119 | |||
* | Strengthen the use of the Master Password. | wolfbeast | 2018-04-18 | -2/+2 |
| | | | | | | | | - Use 30k iterations instead of 1. - Enforce minimum password length of 8 characters. - Adjust strength meter accordingly. This resolves #82. | |||
* | moebius#126: [very minor fix] Fix typo in a comment in NSSCertDBTrustDomain.cpp | janekptacijarabaci | 2018-04-13 | -2/+2 |
| | | | | https://github.com/MoonchildProductions/moebius/pull/126 | |||
* | Remove base conditional code for crash reporter and injector. | wolfbeast | 2018-03-30 | -6/+0 |
| | ||||
* | Disable -Wimplicit-fallthrough for a chromium file | trav90 | 2018-03-04 | -2/+2 |
| | | | | GCC 7 supports the clang option -Wimplicit-fallthrough. |