Bug 1522182 - Add policies for SSL version max/min r=Felipe
authorMichael Kaply <mozilla@kaply.com>
Fri, 25 Jan 2019 19:37:27 +0000
changeset 515524 f83934422518dcba917afb08e9b103aa702cf772
parent 515523 1e68675bce75e958c4d6a7f14a021cbd914b2a9c
child 515525 539995d20747edf340c4ef77a8660636f88112d4
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
reviewersFelipe
bugs1522182
milestone66.0a1
Bug 1522182 - Add policies for SSL version max/min r=Felipe Differential Revision: https://phabricator.services.mozilla.com/D17520
browser/components/enterprisepolicies/Policies.jsm
browser/components/enterprisepolicies/schemas/policies-schema.json
browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -891,16 +891,58 @@ var Policies = {
         } catch (ex) {
           log.error(`Unable to add security device ${deviceName}`);
           log.debug(ex);
         }
       }
     },
   },
 
+  "SSLVersionMax": {
+    onBeforeAddons(manager, param) {
+      let tlsVersion;
+      switch (param) {
+        case "tls1":
+          tlsVersion = 1;
+          break;
+        case "tls1.1":
+          tlsVersion = 2;
+          break;
+        case "tls1.2":
+          tlsVersion = 3;
+          break;
+        case "tls1.3":
+          tlsVersion = 4;
+          break;
+      }
+      setAndLockPref("security.tls.version.max", tlsVersion);
+    },
+  },
+
+  "SSLVersionMin": {
+    onBeforeAddons(manager, param) {
+      let tlsVersion;
+      switch (param) {
+        case "tls1":
+          tlsVersion = 1;
+          break;
+        case "tls1.1":
+          tlsVersion = 2;
+          break;
+        case "tls1.2":
+          tlsVersion = 3;
+          break;
+        case "tls1.3":
+          tlsVersion = 4;
+          break;
+      }
+      setAndLockPref("security.tls.version.min", tlsVersion);
+    },
+  },
+
   "WebsiteFilter": {
     onBeforeUIStartup(manager, param) {
       this.filter = new WebsiteFilter(param.Block || [], param.Exceptions || []);
     },
   },
 
 };
 
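Review bot: The `switch` in `SSLVersionMax.onBeforeAddons` has no `default` branch, so a `param` outside the four listed strings leaves `tlsVersion` undefined and that value is still passed to `setAndLockPref("security.tls.version.max", tlsVersion)`; `SSLVersionMin` has the same gap. The schema enum presumably rejects other strings before the handler runs, but `setAndLockPref` is defined outside this hunk, so it is safer to bail out explicitly with `default: log.error("Unknown SSLVersionMax value: " + param); return;`. Neither handler looks at the other bound, so a policy that sets SSLVersionMin above SSLVersionMax would lock both prefs to an inverted range; a check, or a comment saying how that case is resolved, would help administrators. The two switches are identical and could share one string-to-number lookup table.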
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -649,16 +649,26 @@
 
     "SecurityDevices": {
       "type": "object",
       "patternProperties": {
         "^.*$": { "type": "string" }
       }
     },
 
+    "SSLVersionMax": {
+      "type": "string",
+      "enum": ["tls1", "tls1.1", "tls1.2", "tls1.3"]
+    },
+
+    "SSLVersionMin": {
+      "type": "string",
+      "enum": ["tls1", "tls1.1", "tls1.2", "tls1.3"]
+    },
+
     "WebsiteFilter": {
       "type": "object",
       "properties": {
         "Block": {
           "type": "array",
           "items": {
             "type": "string"
           }
--- a/browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
@@ -195,16 +195,40 @@ const POLICIES_TESTS = [
         "ProviderURL": "http://example.com/provider",
       },
     },
     unlockedPrefs: {
       "network.trr.mode": 5,
       "network.trr.uri": "http://example.com/provider",
     },
   },
+
+  // POLICY: SSLVersionMin/SSLVersionMax (1)
+  {
+    policies: {
+      "SSLVersionMin": "tls1",
+      "SSLVersionMax": "tls1.1",
+    },
+    lockedPrefs: {
+      "security.tls.version.min": 1,
+      "security.tls.version.max": 2,
+    },
+  },
+
+  // POLICY: SSLVersionMin/SSLVersionMax (2)
+  {
+    policies: {
+      "SSLVersionMin": "tls1.2",
+      "SSLVersionMax": "tls1.3",
+    },
+    lockedPrefs: {
+      "security.tls.version.min": 3,
+      "security.tls.version.max": 4,
+    },
+  },
 ];
 
 add_task(async function test_policy_remember_passwords() {
   for (let test of POLICIES_TESTS) {
     await setupPolicyEngineWithJson({
       "policies": test.policies,
     });