Issue 896013 link

Starred by 5 users

Issue metadata

Status:	Assigned
Owner:	davidben@chromium.org
Components:	Internals>Network>SSL
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug
M-72

Blocked on:
issue 905831
issue 747666

Deprecate TLS 1.0 and TLS 1.1

Project Member Reported by davidben@chromium.org, Oct 16

Issue description

This bug tracks work relating to the TLS 1.0/1.1 deprecation:
https://security.googleblog.com/2018/10/modernizing-transport-security.html

The target removal date is a ways away but we should get a deprecation warning, and perhaps some UKM for outreach purposes.

Comment 1 by davidben@chromium.org, Oct 16

Labels: M-72

Comment 2 by larrylac...@yahoo.com, Nov 11

This might be a good time to look at related UI issues (OIB/padlock, and Proxy Settings for TLS).

See  bug 391955  - Proxy Settings> Advanced> TLS opts ignored

 bug 904178  - badssl.com TLS 1.0 and 1.1 tests run and are not reflected in the OIB padlock which indicates 'secure' (in m72 canary 72.0.3607.0).

Comment 3 by davidben@chromium.org, Nov 12

As noted in both those bugs, those are IE and Edge's settings, not Chrome's.

Comment 4 by davidben@chromium.org, Nov 14

Blockedon: 747666

Project Member

Comment 5 by bugdroid1@chromium.org, Nov 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/49c4e7569b69639fea676689a2a8253cac162bec

commit 49c4e7569b69639fea676689a2a8253cac162bec
Author: David Benjamin <davidben@chromium.org>
Date: Thu Nov 15 19:01:27 2018

Warn in the DevTools console for TLS 1.0 and 1.1.

TLS 1.0 and 1.1 are deprecated. See:
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ

As part of that deprecation, show a console warning in DevTools and also
add a Blink-level UseCounter. (We typically measure things at the
connection or request level for network features, but since we're
plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
and UseCounters for Symantec certificates.

Bug: 896013
Change-Id: I9b45e6264a2119b7b68a5a9f282dfd63a372210a
Reviewed-on: https://chromium-review.googlesource.com/c/1324878
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608456}
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/render_frame_impl.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/url_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/tools/metrics/histograms/enums.xml

Project Member

Comment 6 by bugdroid1@chromium.org, Nov 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0125d83072814f63f156a919b26e87d3fb36b0b4

commit 0125d83072814f63f156a919b26e87d3fb36b0b4
Author: Ella Ge <eirage@chromium.org>
Date: Thu Nov 15 22:02:33 2018

Revert "Warn in the DevTools console for TLS 1.0 and 1.1."

This reverts commit 49c4e7569b69639fea676689a2a8253cac162bec.

Reason for revert: 239 LayoutTests failure on Mac10.10 bot
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac10.10%20Tests/36316

Original change's description:
> Warn in the DevTools console for TLS 1.0 and 1.1.
>
> TLS 1.0 and 1.1 are deprecated. See:
> https://security.googleblog.com/2018/10/modernizing-transport-security.html
> https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ
>
> As part of that deprecation, show a console warning in DevTools and also
> add a Blink-level UseCounter. (We typically measure things at the
> connection or request level for network features, but since we're
> plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
> and UseCounters for Symantec certificates.
>
> Bug: 896013
> Change-Id: I9b45e6264a2119b7b68a5a9f282dfd63a372210a
> Reviewed-on: https://chromium-review.googlesource.com/c/1324878
> Commit-Queue: David Benjamin <davidben@chromium.org>
> Reviewed-by: Carlos IL <carlosil@chromium.org>
> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
> Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#608456}

TBR=kinuko@chromium.org,davidben@chromium.org,pfeldman@chromium.org,carlosil@chromium.org

Change-Id: I708f0234f09dd8747841b970463728b37a4bdbcd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 896013
Reviewed-on: https://chromium-review.googlesource.com/c/1338390
Reviewed-by: Ella Ge <eirage@chromium.org>
Commit-Queue: Ella Ge <eirage@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608534}
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/render_frame_impl.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/url_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/tools/metrics/histograms/enums.xml

Comment 7 by davidben@chromium.org, Nov 15

Blockedon: 905831

Project Member

Comment 8 by bugdroid1@chromium.org, Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/06c20c22b671514f07637a10cd3d77d575d94ba0

commit 06c20c22b671514f07637a10cd3d77d575d94ba0
Author: David Benjamin <davidben@chromium.org>
Date: Fri Nov 16 03:29:15 2018

Warn in the DevTools console for TLS 1.0 and 1.1.

This is a reland of https://chromium-review.googlesource.com/c/1324878,
but with the suppression added for macOS layout tests too.

TLS 1.0 and 1.1 are deprecated. See:
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ

As part of that deprecation, show a console warning in DevTools and also
add a Blink-level UseCounter. (We typically measure things at the
connection or request level for network features, but since we're
plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
and UseCounters for Symantec certificates.

TBR=carlosil@chromium.org,kinuko@chromium.org,pfeldman@chromium.org

Bug: 896013
Change-Id: I06c93e3ac82f9b07c92193ca75e4c2d8d711d34d
Reviewed-on: https://chromium-review.googlesource.com/c/1338559
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608649}
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/render_frame_impl.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/url_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/tools/metrics/histograms/enums.xml

Project Member

Comment 9 by bugdroid1@chromium.org, Dec 8

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace

commit 6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace
Author: David Benjamin <davidben@chromium.org>
Date: Sat Dec 08 01:31:06 2018

Add UKM for legacy TLS versions.

Bug: 896013
Change-Id: I5beb02a1d4716a8fe556f2caec2f682a0643e0c8
Reviewed-on: https://chromium-review.googlesource.com/c/1352514
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#614899}
[modify] https://crrev.com/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace/tools/metrics/ukm/ukm.xml

►

Issue 896013 link

Issue metadata

Deprecate TLS 1.0 and TLS 1.1

Issue description

Comment 1 by davidben@chromium.org, Oct 16

Comment 1 Deleted

Comment 2 by larrylac...@yahoo.com, Nov 11

Comment 2 Deleted

Comment 3 by davidben@chromium.org, Nov 12

Comment 3 Deleted

Comment 4 by davidben@chromium.org, Nov 14

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Nov 15

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Nov 15

Comment 6 Deleted

Comment 7 by davidben@chromium.org, Nov 15

Comment 7 Deleted

Comment 8 by bugdroid1@chromium.org, Nov 16

Comment 8 Deleted

Comment 9 by bugdroid1@chromium.org, Dec 8

Comment 9 Deleted

Sign in to add a comment