Bug 1236975 - Re-enable SHA-1 certificates r=keeler,rbarnes a=lizzard
authorRichard Barnes <rbarnes@mozilla.com>
Tue, 05 Jan 2016 12:36:17 -0500
changeset 304186 fdaceb3b6338ee31877d24877377be8493ec3acd
parent 304183 3a9a2082844e2ee5ac9c7b870c019b49a95ac808
child 304187 3b68f716c82bae5c75b56a4fca5e033fee5e7e6e
push id5458
push userkwierso@gmail.com
push dateTue, 05 Jan 2016 20:00:50 +0000
treeherdermozilla-beta@fdaceb3b6338 [default view] [failures only]
reviewerskeeler, rbarnes, lizzard
bugs1236975
milestone44.0
Bug 1236975 - Re-enable SHA-1 certificates r=keeler,rbarnes a=lizzard
browser/app/profile/firefox.js
mobile/android/app/mobile.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1437,18 +1437,18 @@ pref("security.mixed_content.block_activ
 pref("security.insecure_password.ui.enabled", true);
 #else
 pref("security.insecure_password.ui.enabled", false);
 #endif
 
 // 1 = allow MITM for certificate pinning checks.
 pref("security.cert_pinning.enforcement_level", 1);
 
-// 2 = allow SHA-1 only before 2016-01-01
-pref("security.pki.sha1_enforcement_level", 2);
+// 0 = allow SHA-1
+pref("security.pki.sha1_enforcement_level", 0);
 
 // Required blocklist freshness for OneCRL OCSP bypass
 // (default is 1.25x extensions.blocklist.interval, or 30 hours)
 pref("security.onecrl.maximum_staleness_in_seconds", 108000);
 
 // Override the Gecko-default value of false for Firefox.
 pref("plain_text.wrap_long_lines", true);
 
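Review bot: The new comment `// 0 = allow SHA-1` on the `security.pki.sha1_enforcement_level` line drops the only record that a date cutoff was being enforced, and it gives no reason for relaxing it. A later reader cannot tell that this default is a rollback rather than the intended policy. With 0 the shipped default accepts SHA-1-signed certificates regardless of issuance date, which is weaker than the removed value 2, so the comment should say so and point at the tracking bug, for example `// 0 = allow SHA-1 (no date cutoff). Relaxed from 2 (allow only before 2016-01-01) in bug 1236975; revisit before re-tightening.` The same applies to the `// Allow SHA-1 certificates` comment in the mobile/android/app/mobile.js hunk. No test or telemetry change is visible in this changeset, so it may be worth confirming that existing SHA-1 tests do not depend on the old default.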
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -478,18 +478,18 @@ pref("security.alternate_certificate_err
 pref("security.warn_viewing_mixed", false); // Warning is disabled.  See Bug 616712.
 
 // Block insecure active content on https pages
 pref("security.mixed_content.block_active_content", true);
 
 // Enable pinning
 pref("security.cert_pinning.enforcement_level", 1);
 
-// Allow SHA-1 certificates only before 2016-01-01
-pref("security.pki.sha1_enforcement_level", 2);
+// Allow SHA-1 certificates
+pref("security.pki.sha1_enforcement_level", 0);
 
 // Required blocklist freshness for OneCRL OCSP bypass
 // (default is 1.25x extensions.blocklist.interval, or 30 hours)
 pref("security.onecrl.maximum_staleness_in_seconds", 108000);
 
 // Only fetch OCSP for EV certificates
 pref("security.OCSP.enabled", 2);