Chrome on Android reports that TLS 1.3 sites lack the "TLS renegotiation extension" |
||
Issue descriptionWe should: 1. Always report that TLS 1.3 vacuously supports RI, like we do with EMS. This will make it easier for things like tokbind to require it be enabled. 2. Remove that sentence from the connection info thing. We're more interested in discouraging renegotiation altogether at this point. That UI isn't very effective in pushing for RI deployment and there's more important things to do.
,
Jan 11 2017
The following revision refers to this bug: https://boringssl.googlesource.com/boringssl.git/+/d261004048e25f2ad81fede16cca6736e8697713 commit d261004048e25f2ad81fede16cca6736e8697713 Author: David Benjamin <davidben@google.com> Date: Tue Jan 03 15:49:28 2017 Report TLS 1.3 as supporting secure renegotiation. TLS 1.3 doesn't support renegotiation in the first place, but so callers don't report TLS 1.3 servers as missing it, always report it as (vacuously) protected against this bug. BUG= chromium:680281 Change-Id: Ibfec03102b2aec7eaa773c331d6844292e7bb685 Reviewed-on: https://boringssl-review.googlesource.com/13046 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/include/openssl/ssl.h [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/ssl/ssl_lib.c [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/ssl/test/bssl_shim.cc [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/ssl/test/runner/runner.go [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/ssl/test/test_config.cc [modify] https://crrev.com/d261004048e25f2ad81fede16cca6736e8697713/ssl/test/test_config.h
,
Jan 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9ea5bc07bb60e1247b59b4942366d147c0a081d0 commit 9ea5bc07bb60e1247b59b4942366d147c0a081d0 Author: davidben <davidben@chromium.org> Date: Tue Jan 17 17:34:13 2017 Remove message about TLS renegotiation info extension. In Chrome for Android, but not other ports, servers which don't support the renegotiation info extension have a "The server does not support the TLS renegotiation extension" note in the connection UI. We don't show this on other platforms and have no plans to mandate the extension (not worth spending the breakage budget on this), so remove it. BUG= 680281 Review-Url: https://codereview.chromium.org/2627143003 Cr-Commit-Position: refs/heads/master@{#444081} [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/chrome/browser/ui/website_settings/website_settings.cc [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/components/pageinfo_strings.grdp [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/ios/chrome/browser/ui/omnibox/page_info_model.cc [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/net/socket/ssl_client_socket_impl.cc [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/net/socket/ssl_server_socket_impl.cc [modify] https://crrev.com/9ea5bc07bb60e1247b59b4942366d147c0a081d0/net/ssl/ssl_connection_status_flags.h
,
Jan 17 2017
Marking fixed. Also tagging SSL since I forgot to do that. |
||
►
Sign in to add a comment |
||
Comment 1 by davidben@chromium.org
, Jan 11 2017