[tor-bugs] #19164 [Applications/Tor Browser]: Backport - Remove support for SHA-1 HPKP pins

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 3 17:53:05 UTC 2016


#19164: Backport - Remove support for SHA-1 HPKP pins
-------------------------------------------------+-------------------------
 Reporter:  bugzilla                             |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Medium                               |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-security, TorBrowserTeam201606R  |        Version:
Parent ID:                                       |     Resolution:
 Reviewer:                                       |  Actual Points:
                                                 |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mcs):

 * keywords:  tbb-security, TorBrowserTeam201606 => tbb-security,
     TorBrowserTeam201606R
 * status:  new => needs_review


Comment:

 We also had to backport the patch from
 https://bugzilla.mozilla.org/show_bug.cgi?id=1229284 and regenerate
 security/manager/ssl/StaticHPKPins.h as part of the backport for
 https://bugzilla.mozilla.org/show_bug.cgi?id=1233328 (Mozilla has an
 automated process that does that).

 The three patches are on the bug19164-01 branch within brade's tor-browser
 repo. Please review.
 https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug19164-01&id=877657a30dd959d33921225260afe73d18aef977

 https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug19164-01&id=cc0fcf624033578259dab28ccaaa90bbd85d3a12

 https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug19164-01&id=3832c89a58e2b526a40e6399dceec3c21524f01a

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19164#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list