New issue
Advanced search Search tips

Issue 896013 link

Starred by 5 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocked on:
issue 905831
issue 747666



Sign in to add a comment

Deprecate TLS 1.0 and TLS 1.1

Project Member Reported by davidben@chromium.org, Oct 16

Issue description

This bug tracks work relating to the TLS 1.0/1.1 deprecation:
https://security.googleblog.com/2018/10/modernizing-transport-security.html

The target removal date is a ways away but we should get a deprecation warning, and perhaps some UKM for outreach purposes.
 
Labels: M-72
This might be a good time to look at related UI issues (OIB/padlock, and Proxy Settings for TLS).

See  bug 391955  - Proxy Settings> Advanced> TLS opts ignored

 bug 904178  - badssl.com TLS 1.0 and 1.1 tests run and are not reflected in the OIB padlock which indicates 'secure' (in m72 canary 72.0.3607.0).
As noted in both those bugs, those are IE and Edge's settings, not Chrome's.
Blockedon: 747666
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/49c4e7569b69639fea676689a2a8253cac162bec

commit 49c4e7569b69639fea676689a2a8253cac162bec
Author: David Benjamin <davidben@chromium.org>
Date: Thu Nov 15 19:01:27 2018

Warn in the DevTools console for TLS 1.0 and 1.1.

TLS 1.0 and 1.1 are deprecated. See:
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ

As part of that deprecation, show a console warning in DevTools and also
add a Blink-level UseCounter. (We typically measure things at the
connection or request level for network features, but since we're
plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
and UseCounters for Symantec certificates.

Bug: 896013
Change-Id: I9b45e6264a2119b7b68a5a9f282dfd63a372210a
Reviewed-on: https://chromium-review.googlesource.com/c/1324878
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608456}
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/renderer/render_frame_impl.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/services/network/url_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/49c4e7569b69639fea676689a2a8253cac162bec/tools/metrics/histograms/enums.xml

Project Member

Comment 6 by bugdroid1@chromium.org, Nov 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0125d83072814f63f156a919b26e87d3fb36b0b4

commit 0125d83072814f63f156a919b26e87d3fb36b0b4
Author: Ella Ge <eirage@chromium.org>
Date: Thu Nov 15 22:02:33 2018

Revert "Warn in the DevTools console for TLS 1.0 and 1.1."

This reverts commit 49c4e7569b69639fea676689a2a8253cac162bec.

Reason for revert: 239 LayoutTests failure on Mac10.10 bot
https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac10.10%20Tests/36316

Original change's description:
> Warn in the DevTools console for TLS 1.0 and 1.1.
>
> TLS 1.0 and 1.1 are deprecated. See:
> https://security.googleblog.com/2018/10/modernizing-transport-security.html
> https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ
>
> As part of that deprecation, show a console warning in DevTools and also
> add a Blink-level UseCounter. (We typically measure things at the
> connection or request level for network features, but since we're
> plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
> and UseCounters for Symantec certificates.
>
> Bug: 896013
> Change-Id: I9b45e6264a2119b7b68a5a9f282dfd63a372210a
> Reviewed-on: https://chromium-review.googlesource.com/c/1324878
> Commit-Queue: David Benjamin <davidben@chromium.org>
> Reviewed-by: Carlos IL <carlosil@chromium.org>
> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
> Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#608456}

TBR=kinuko@chromium.org,davidben@chromium.org,pfeldman@chromium.org,carlosil@chromium.org

Change-Id: I708f0234f09dd8747841b970463728b37a4bdbcd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 896013
Reviewed-on: https://chromium-review.googlesource.com/c/1338390
Reviewed-by: Ella Ge <eirage@chromium.org>
Commit-Queue: Ella Ge <eirage@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608534}
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/renderer/render_frame_impl.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/services/network/url_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/0125d83072814f63f156a919b26e87d3fb36b0b4/tools/metrics/histograms/enums.xml

Blockedon: 905831
Project Member

Comment 8 by bugdroid1@chromium.org, Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/06c20c22b671514f07637a10cd3d77d575d94ba0

commit 06c20c22b671514f07637a10cd3d77d575d94ba0
Author: David Benjamin <davidben@chromium.org>
Date: Fri Nov 16 03:29:15 2018

Warn in the DevTools console for TLS 1.0 and 1.1.

This is a reland of https://chromium-review.googlesource.com/c/1324878,
but with the suppression added for macOS layout tests too.

TLS 1.0 and 1.1 are deprecated. See:
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ

As part of that deprecation, show a console warning in DevTools and also
add a Blink-level UseCounter. (We typically measure things at the
connection or request level for network features, but since we're
plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
and UseCounters for Symantec certificates.

TBR=carlosil@chromium.org,kinuko@chromium.org,pfeldman@chromium.org

Bug: 896013
Change-Id: I06c93e3ac82f9b07c92193ca75e4c2d8d711d34d
Reviewed-on: https://chromium-review.googlesource.com/c/1338559
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608649}
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/browser/loader/resource_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/renderer/render_frame_impl.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/content/shell/renderer/layout_test/layout_test_content_renderer_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/network_ipc_param_traits.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/resource_response.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/public/cpp/resource_response_info.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/services/network/url_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/platform/web_feature.mojom
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/platform/web_url_response.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/public/web/web_local_frame_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/frame/local_frame_client.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/core/loader/frame_fetch_context.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/platform/exported/web_url_response.cc
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/third_party/blink/renderer/platform/loader/fetch/resource_response.h
[modify] https://crrev.com/06c20c22b671514f07637a10cd3d77d575d94ba0/tools/metrics/histograms/enums.xml

Project Member

Comment 9 by bugdroid1@chromium.org, Dec 8

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace

commit 6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace
Author: David Benjamin <davidben@chromium.org>
Date: Sat Dec 08 01:31:06 2018

Add UKM for legacy TLS versions.

Bug: 896013
Change-Id: I5beb02a1d4716a8fe556f2caec2f682a0643e0c8
Reviewed-on: https://chromium-review.googlesource.com/c/1352514
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#614899}
[modify] https://crrev.com/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/6939f77f50ac3fffe5c3027ff7bb7c4d9f7e4ace/tools/metrics/ukm/ukm.xml

Sign in to add a comment