Re: Firefox, was: Telnet
On 4 Dec 2023 10:29 +0000, from debianuser@woodall.me.uk (Tim Woodall):
> Some years ago I abandoned firefox because there was no way to override
> one of its 'I'm sorry Dave, I'm afraid I can't do that' spasms.
>
> It's crazy that they make things like certificate pinning *impossible*
> to override.
Firefox deprecated support for HPKP in version 72 in January 2020, in
response to their issue 1412438. https://bugzilla.mozilla.org/show_bug.cgi?id=1412438
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/72#security
Looks like it was originally implemented in Firefox 35, which dates
back to January 2015. https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/35#network_security
Apparently present-day versions allow _enabling_ HPKP by adding a
configuration setting which does not exist by default, but finding a
current MDN page even detailing the format of the HPKP HTTP header
appears non-trivial; the Wayback Machine has a copy, but going to the
current page by URL redirects to the one for Expect-CT which _too_ is
deprecated.
https://web.archive.org/web/20211104105929/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Public-Key-Pins#browser_compatibility
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browser_support_and_deprecation
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
Reply to:
- References:
- Telnet
- From: William Torrez Corea <willitc9888@gmail.com>
- Re: Telnet
- From: Andy Smith <andy@strugglers.net>
- Re: Telnet
- From: Michel Verdier <mv524@free.fr>
- Re: Telnet
- From: Marco Moock <mm@dorfdsl.de>
- Re: Telnet
- From: Charles Curley <charlescurley@charlescurley.com>
- Re: Telnet
- From: Greg Wooledge <greg@wooledge.org>
- Re: Telnet
- From: Tim Woodall <debianuser@woodall.me.uk>