[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firefox, was: Telnet



On 4 Dec 2023 10:29 +0000, from debianuser@woodall.me.uk (Tim Woodall):
> Some years ago I abandoned firefox because there was no way to override
> one of its 'I'm sorry Dave, I'm afraid I can't do that' spasms.
> 
> It's crazy that they make things like certificate pinning *impossible*
> to override.

Firefox deprecated support for HPKP in version 72 in January 2020, in
response to their issue 1412438. https://bugzilla.mozilla.org/show_bug.cgi?id=1412438

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/72#security

Looks like it was originally implemented in Firefox 35, which dates
back to January 2015. https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/35#network_security

Apparently present-day versions allow _enabling_ HPKP by adding a
configuration setting which does not exist by default, but finding a
current MDN page even detailing the format of the HPKP HTTP header
appears non-trivial; the Wayback Machine has a copy, but going to the
current page by URL redirects to the one for Expect-CT which _too_ is
deprecated.
https://web.archive.org/web/20211104105929/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Public-Key-Pins#browser_compatibility
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browser_support_and_deprecation

-- 
Michael Kjörling                     🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”


Reply to: