Bug 1137991 - Remove SSLv3 option from SSL panel in Privacy & Security preferences (without string changes) ui-r=Neil r=IanN a=IanN comm-aurora
authorrsx11m <rsx11m.pub@gmail.com>
Mon, 09 Mar 2015 21:52:47 -0500
changeset 25955 976e3ac4f9d90a4bd682f359a7e69c480b5b4e6d
parent 25954 7fb6b59a7c2765a3161d81f614b126a68fe72094
child 25956 69d873e28d3ae533640289e7682624618b37e698
push id1850
push userclokep@gmail.com
push dateWed, 08 Mar 2017 19:29:12 +0000
reviewersNeil, IanN, IanN
bugs1137991
Bug 1137991 - Remove SSLv3 option from SSL panel in Privacy & Security preferences (without string changes) ui-r=Neil r=IanN a=IanN comm-aurora a=Callek CLOSED TREE
suite/locales/en-US/chrome/common/help/ssl_help.xhtml
suite/security/prefs/pref-ssl.js
suite/security/prefs/pref-ssl.xul
--- a/suite/locales/en-US/chrome/common/help/ssl_help.xhtml
+++ b/suite/locales/en-US/chrome/common/help/ssl_help.xhtml
@@ -45,47 +45,48 @@
 
 <h3 id="ssl_protocol_versions">SSL Protocol Versions</h3>
 
 <p>The <a href="glossary.xhtml#ssl">Secure Sockets Layer (SSL)</a> protocol
   defines rules governing mutual authentication between a website and browser
   software and the encryption of information that flows between them. It is
   also used for secure communication in various other protocols, e.g., for
   protection of sensitive information exchanged with email, calendar, or
-  directory servers. The newer Transport Layer Security (TLS) protocol is an
-  IETF standard based on SSL but with its own version numbering. TLS 1.0 can
-  be thought of as SSL 3.1, TLS 1.1 is in turn an update to TLS 1.0, etc. Newer
+  directory servers. The SSL 2.0 and SSL 3.0 protocols are insecure and thus
+  deprecated. The current Transport Layer Security (TLS) protocol is an IETF
+  standard based on SSL but with its own version numbering. TLS 1.0 can be
+  thought of as SSL 3.1, TLS 1.1 is in turn an update to TLS 1.0, etc. Newer
   protocols are preferred over older ones as they provide better security and
   more features. Older protocols are supported to ensure compatibility.</p>
 
 <p>By default, &brandShortName; will select the most secure version which is
   widely supported to connect to the server. If that attempt doesn&apos;t
   succeed, it will try to connect with the next older version, etc., to the
   extent allowed by the settings in this panel. The connection will fail if no
   protocol supported by both sides is found. You can exclude older versions
   explicitly or allow newer versions which may not be widely supported yet
   with the following options:</p>
 
 <ul>
-  <li><strong>Enable</strong>: Check the <strong>SSL 3.0</strong>, <strong>TLS
-    1.0</strong>, <strong>TLS 1.1</strong>, and/or <strong>TLS 1.2</strong>
+  <li><strong>Enable</strong>: Check the <strong>TLS 1.0</strong>,
+    <strong>TLS 1.1</strong>, and/or <strong>TLS 1.2</strong>
     boxes to indicate which protocol versions can be used for a secure
     connection to a server.</li>
 </ul>
 
 <p><strong>Notes</strong>:</p>
 
 <ul>
   <li>At least one protocol version must be selected, thus it is not possible
     to uncheck the last remaining box.</li>
   <li>Also, the selection must be contiguous. It is not possible to select both
-    SSL 3.0 and TLS 1.1 but to exclude the intermediate TLS 1.0 version.</li>
-  <li>You can extend the range by multiple versions. For example, if only SSL
-    3.0 is currently checked and you select TLS 1.2, the TLS 1.0 and TLS 1.1
-    versions are automatically selected as well.</li>
+    TLS 1.0 and TLS 1.2 but to exclude the intermediate TLS 1.1 version.</li>
+  <li>You can extend the range by multiple versions. For example, if only TLS
+    1.0 is currently checked and you select TLS 1.2, the TLS 1.1 version is
+     automatically selected as well.</li>
   <li>Checkboxes may appear checked but grayed out if you cannot uncheck them
     without violating these rules. Uncheck the outermost boxes to regain
     access to an enclosed intermediate version.</li>
 </ul>
 
 <h3 id="ssl_warnings">SSL Warnings</h3>
 
 <p>It&apos;s easy to tell when the website you are viewing is using an encrypted
--- a/suite/security/prefs/pref-ssl.js
+++ b/suite/security/prefs/pref-ssl.js
@@ -1,66 +1,76 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 function Startup()
 {
-  // array associating XUL element IDs with preference values [0,1,2,3]
-  gSslPrefElementIds = ["allowSSL30", "allowTLS10", "allowTLS11", "allowTLS12"];
+  // map associating preference values with checkbox element IDs
+  gSslPrefElements = new Map([[1, "allowTLS10"],
+                              [2, "allowTLS11"],
+                              [3, "allowTLS12"]]);
 
   // initial setting of checkboxes based on preference values
   UpdateSslBoxes();
 }
 
 function UpdateSslBoxes()
 {
   // get minimum and maximum allowed protocol and locked status
   let minVersion = document.getElementById("security.tls.version.min").value;
   let maxVersion = document.getElementById("security.tls.version.max").value;
   let minLocked  = document.getElementById("security.tls.version.min").locked;
   let maxLocked  = document.getElementById("security.tls.version.max").locked;
 
-  // set checked, disabled, and locked status for each protocol checkbox
-  for (index = 0; index < gSslPrefElementIds.length; index++)
+  // check if allowable limits are violated, use default values if they are
+  if (minVersion > maxVersion || !gSslPrefElements.has(minVersion)
+                              || !gSslPrefElements.has(maxVersion))
   {
-    let currentBox = document.getElementById(gSslPrefElementIds[index]);
-    currentBox.checked = index >= minVersion && index <= maxVersion;
+    minVersion = document.getElementById("security.tls.version.min").defaultValue;
+    maxVersion = document.getElementById("security.tls.version.max").defaultValue;
+  }
 
-    if ((minLocked && maxLocked) || (minLocked && index <= minVersion) ||
-                                    (maxLocked && index >= maxVersion))
+  // set checked, disabled, and locked status for each protocol checkbox
+  for (let [version, id] of gSslPrefElements)
+  {
+    let currentBox = document.getElementById(id);
+    currentBox.checked = version >= minVersion && version <= maxVersion;
+
+    if ((minLocked && maxLocked) || (minLocked && version <= minVersion) ||
+                                    (maxLocked && version >= maxVersion))
     {
       // boxes subject to a preference's locked status are disabled and grayed
       currentBox.removeAttribute("nogray");
       currentBox.disabled = true;
     }
     else
     {
       // boxes which the user can't uncheck are disabled but not grayed
       currentBox.setAttribute("nogray", "true");
-      currentBox.disabled = (index > minVersion && index < maxVersion) ||
-                            (index == minVersion && index == maxVersion);
+      currentBox.disabled = (version > minVersion && version < maxVersion) ||
+                            (version == minVersion && version == maxVersion);
     }
   }
 }
 
 function UpdateSslPrefs()
 {
   // this is called whenever a checkbox changes
   let minVersion = -1;
   let maxVersion = -1;
 
   // find the first and last checkboxes which are now checked
-  for (index = 0; index < gSslPrefElementIds.length; index++)
+  for (let [version, id] of gSslPrefElements)
   {
-    if (document.getElementById(gSslPrefElementIds[index]).checked)
+    if (document.getElementById(id).checked)
     {
       if (minVersion < 0)  // first box checked
-        minVersion = index;
-      maxVersion = index;  // last box checked so far
+        minVersion = version;
+      maxVersion = version;  // last box checked so far
     }
   }
 
   // if minVersion is valid, then maxVersion is as well -> update prefs
   if (minVersion >= 0)
   {
     document.getElementById("security.tls.version.min").value = minVersion;
     document.getElementById("security.tls.version.max").value = maxVersion;
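Review bot: The new range check in UpdateSslBoxes replaces only the local `minVersion`/`maxVersion` with `defaultValue` and leaves the two preference elements untouched, so the panel can show a state that differs from what is stored. A profile that still has `security.tls.version.min` set to 0 (the SSL 3.0 slot of the removed array) would display the default TLS boxes, while the stored value stays in place until a checkbox is toggled and UpdateSslPrefs runs. When neither pref is locked, consider writing the defaults back inside that branch, e.g. `document.getElementById("security.tls.version.min").value = minVersion;` and the same for `.max`, or at least add a comment such as `// display-only fallback: stored prefs are not changed here`. Whether another component resets out-of-range values is not visible in this hunk, and UpdateSslPrefs continues past the end of it.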
--- a/suite/security/prefs/pref-ssl.xul
+++ b/suite/security/prefs/pref-ssl.xul
@@ -49,21 +49,16 @@
 
     <groupbox align="start">
       <caption label="&SSLProtocolVersions.caption;"/>
       <description>&limit.description;</description>
 
       <hbox align="center">
         <label id="allowEnable"
                value="&limit.enable.label;"/>
-        <checkbox id="allowSSL30"
-                  class="nogray-disabled"
-                  label="&limit.ssl30.label;"
-                  accesskey="&limit.ssl30.accesskey;"
-                  oncommand="UpdateSslPrefs();"/>
         <checkbox id="allowTLS10"
                   class="nogray-disabled"
                   label="&limit.tls10.label;"
                   accesskey="&limit.tls10.accesskey;"
                   oncommand="UpdateSslPrefs();"/>
         <checkbox id="allowTLS11"
                   class="nogray-disabled"
                   label="&limit.tls11.label;"