From 9c4fcc1745fb9482c79c0b2944febf438737fea5 Mon Sep 17 00:00:00 2001 From: Alexis Hancock Date: Fri, 6 Mar 2020 14:37:01 -0800 Subject: [PATCH 1/3] Adjust cipher suites that are cross supported in FireFox ESR and Chrome --- test/rules/src/https_everywhere_checker/http_client.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/rules/src/https_everywhere_checker/http_client.py b/test/rules/src/https_everywhere_checker/http_client.py index c4ca6e4160ec..8374c507ab8a 100644 --- a/test/rules/src/https_everywhere_checker/http_client.py +++ b/test/rules/src/https_everywhere_checker/http_client.py @@ -46,8 +46,10 @@ def getCAPath(self, platform): class FetchOptions(object): """HTTP fetcher options like timeouts.""" - # The default list of cipher suites that ships with Firefox 51.0.1 - _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA" + # The default list of cipher suites that are supported in Firefox ESR, Chrome + # These naming formats are from OpenSSL + # This list is crosschecked with https://wiki.mozilla.org/Security/Cipher_Suites and https://clienttest.ssllabs.com + _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384" def __init__(self, config): """Parse options from [http] section From c17c852095b9e6d4968938e054b0431def4d2952 Mon Sep 17 00:00:00 2001 From: Alexis Hancock Date: Fri, 6 Mar 2020 14:40:03 -0800 Subject: [PATCH 2/3] Revert "Adjust cipher suites that are cross supported in FireFox ESR and Chrome" This reverts commit 9c4fcc1745fb9482c79c0b2944febf438737fea5. --- test/rules/src/https_everywhere_checker/http_client.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/test/rules/src/https_everywhere_checker/http_client.py b/test/rules/src/https_everywhere_checker/http_client.py index 8374c507ab8a..c4ca6e4160ec 100644 --- a/test/rules/src/https_everywhere_checker/http_client.py +++ b/test/rules/src/https_everywhere_checker/http_client.py @@ -46,10 +46,8 @@ def getCAPath(self, platform): class FetchOptions(object): """HTTP fetcher options like timeouts.""" - # The default list of cipher suites that are supported in Firefox ESR, Chrome - # These naming formats are from OpenSSL - # This list is crosschecked with https://wiki.mozilla.org/Security/Cipher_Suites and https://clienttest.ssllabs.com - _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384" + # The default list of cipher suites that ships with Firefox 51.0.1 + _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA" def __init__(self, config): """Parse options from [http] section From a3c25a98d1330306ef3ab74064f77f3564e70aef Mon Sep 17 00:00:00 2001 From: Alexis Hancock Date: Mon, 16 Mar 2020 10:20:01 -0700 Subject: [PATCH 3/3] Adjust text - TODO add date if needed in next iteration --- src/chrome/locale/en/https-everywhere.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/chrome/locale/en/https-everywhere.dtd b/src/chrome/locale/en/https-everywhere.dtd index d1ac79563eae..e348c7f457b7 100644 --- a/src/chrome/locale/en/https-everywhere.dtd +++ b/src/chrome/locale/en/https-everywhere.dtd @@ -50,7 +50,7 @@ - +