NSS:CompletedFromBurnDownList

This page lists items that have been completed that were being tracked in the SSL Burn Down List.

Pr	Enhancement	Related Bugs	Dependencies	Release	Notes
P1 PSM	Fix SSL error handling regressions	bug 783974		FF17	bug 783974 -- Log SSL errors to the error console. bug 785426 - allow app to register callback for user feedback. bug 739563 - no error message for SSL errors and non-overridable cert errors.
P2 NSS PSM	Disable MD5 Signatures	bug 650355, bug 590364	bug 758314, bug 732390	FF16	bug 758314 - allow user over-ride of error. bug 738454 - Add new error code; bug 738457 - PSM change for new error code. This is something that we said we would do, and required all CAs to move their customers from MD5 by June 30, 2011. Chrome turned off MD5 support in early 2012, and found that there are still some old network products that have not updated their certs, so companies need to be able to set a preference to enable MD5 until they can get those upgraded. Wan-Teh said that the concern he raised a few years ago about there being too many MD5 intermediate certs is no longer the case.
P5 PSM	Auto-Update of CRLs not working with DD.MM.YYYY date locale	bug 682244		FF14	The entire automatic fetching of CRLs in PSM is completely broken and an ugly old workaround. Let's get libPKIX done (651246), which will give us automatic fetching of CRL. Once done, we can remove the auto-update CRL feature.
P1 NSS	Generic blacklisting mechanism	bug 470994, bug 727204, bug 642503		NSS 3.13.3	We can now block cert by issuer and serial number in NSS, and the Trustwave subCA certs have been added to this list. Any branch that desires this blocking ability will have to upgrade to a newer NSS release with this bug fixed, which will be NSS 3.13.3 at the earliest.
P1 NSS PSM	Something in networking and/or SSL layer takes lots of processing power	bug 710176		FF 11	Regression from landing SSL thread removal, probably

NSS:CompletedFromBurnDownList

Navigation menu

Search