[tor-bugs] #19164 [Applications/Tor Browser]: Backport - Remove support for SHA-1 HPKP pins
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 3 17:53:05 UTC 2016
#19164: Backport - Remove support for SHA-1 HPKP pins
-------------------------------------------------+-------------------------
Reporter: bugzilla | Owner: tbb-
Type: defect | team
Priority: Medium | Status:
Component: Applications/Tor Browser | needs_review
Severity: Normal | Milestone:
Keywords: tbb-security, TorBrowserTeam201606R | Version:
Parent ID: | Resolution:
Reviewer: | Actual Points:
| Points:
| Sponsor:
-------------------------------------------------+-------------------------
Changes (by mcs):
* keywords: tbb-security, TorBrowserTeam201606 => tbb-security,
TorBrowserTeam201606R
* status: new => needs_review
Comment:
We also had to backport the patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=1229284 and regenerate
security/manager/ssl/StaticHPKPins.h as part of the backport for
https://bugzilla.mozilla.org/show_bug.cgi?id=1233328 (Mozilla has an
automated process that does that).
The three patches are on the bug19164-01 branch within brade's tor-browser
repo. Please review.
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug19164-01&id=877657a30dd959d33921225260afe73d18aef977
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug19164-01&id=cc0fcf624033578259dab28ccaaa90bbd85d3a12
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug19164-01&id=3832c89a58e2b526a40e6399dceec3c21524f01a
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19164#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list