Adding upstream version 115.8.0esr.upstream/115.8.0esr

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 01:47:29 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 01:47:29 +0000
commit: 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
tree: a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js
parent: Initial commit. (diff)
download: firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
1 files changed, 94 insertions, 0 deletions
diff --git a/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js b/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js
new file mode 100644
index 0000000000..22fa33f3c2
--- /dev/null
+++ b/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js
@@ -0,0 +1,94 @@
+/*
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * Tests for Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections
+ */
+
+const HTTPS_TLS1_0 = "https://tls1.example.com";
+const HTTPS_TLS1_1 = "https://tls11.example.com";
+const HTTPS_TLS1_2 = "https://tls12.example.com";
+const HTTPS_TLS1_3 = "https://tls13.example.com";
+
+function getIdentityMode(aWindow = window) {
+  return aWindow.document.getElementById("identity-box").className;
+}
+
+function closeIdentityPopup() {
+  let promise = BrowserTestUtils.waitForEvent(
+    gIdentityHandler._identityPopup,
+    "popuphidden"
+  );
+  gIdentityHandler._identityPopup.hidePopup();
+  return promise;
+}
+
+async function checkConnectionState(state) {
+  await openIdentityPopup();
+  is(getConnectionState(), state, "connectionState should be " + state);
+  await closeIdentityPopup();
+}
+
+function getConnectionState() {
+  return document.getElementById("identity-popup").getAttribute("connection");
+}
+
+registerCleanupFunction(function () {
+  // Set preferences back to their original values
+  Services.prefs.clearUserPref("security.tls.version.min");
+  Services.prefs.clearUserPref("security.tls.version.max");
+});
+
+add_task(async function () {
+  // Run with all versions enabled for this test.
+  Services.prefs.setIntPref("security.tls.version.min", 1);
+  Services.prefs.setIntPref("security.tls.version.max", 4);
+
+  await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
+    // Try deprecated versions
+    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_0);
+    await BrowserTestUtils.browserLoaded(browser);
+    isSecurityState(browser, "broken");
+    is(
+      getIdentityMode(),
+      "unknownIdentity weakCipher",
+      "Identity should be unknownIdentity"
+    );
+    await checkConnectionState("not-secure");
+
+    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1);
+    await BrowserTestUtils.browserLoaded(browser);
+    isSecurityState(browser, "broken");
+    is(
+      getIdentityMode(),
+      "unknownIdentity weakCipher",
+      "Identity should be unknownIdentity"
+    );
+    await checkConnectionState("not-secure");
+
+    // Transition to secure
+    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_2);
+    await BrowserTestUtils.browserLoaded(browser);
+    isSecurityState(browser, "secure");
+    is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
+    await checkConnectionState("secure");
+
+    // Transition back to broken
+    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1);
+    await BrowserTestUtils.browserLoaded(browser);
+    isSecurityState(browser, "broken");
+    is(
+      getIdentityMode(),
+      "unknownIdentity weakCipher",
+      "Identity should be unknownIdentity"
+    );
+    await checkConnectionState("not-secure");
+
+    // TLS1.3 for completeness
+    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_3);
+    await BrowserTestUtils.browserLoaded(browser);
+    isSecurityState(browser, "secure");
+    is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
+    await checkConnectionState("secure");
+  });
+});
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-19 01:47:29 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-19 01:47:29 +0000
commit	0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
tree	a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js
parent	Initial commit. (diff)
download	firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip