enable SSL certificate pinning for important Brave domains #12190

diracdeltas · 2017-12-05T22:44:24Z

Test plan

Original issue description

we should mitigate against TLS MITM attacks by using certificate pinning / expect-CT for important domains in browser-laptop (Brave update server, Brave extensions update server, ledger servers, etc.). this may be doable by simply adding to https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json

cc @jumde

diracdeltas · 2018-01-03T18:33:18Z

This was done in brave/muon#401

diracdeltas · 2018-01-17T18:36:21Z

Test plan:

remove the browser profile folder
open devtools and go to http://roundcube.mayfirst.org
in the network requests devtools tab, you should see http://roundcube.mayfirst.org redirect to https with a 307 code

LaurenWags · 2018-01-18T18:08:45Z

Works on MacOS:

kjozwiak · 2018-01-18T22:30:56Z

Same results as @LaurenWags under Win 10 x64 and Ubuntu 17.10 x64 using 0.19.13838f8509.

diracdeltas added the security label Dec 5, 2017

jumde self-assigned this Dec 12, 2017

This was referenced Dec 12, 2017

restrict origins that brave app proccess can connect to #11889

Closed

Update Brave CSPs #12263

Closed

diracdeltas changed the title ~~enable SSL certificate pinning / expect-CT for important Brave domains~~ enable SSL certificate pinning for important Brave domains Dec 19, 2017

diracdeltas added this to the 0.21.x (Developer Channel) milestone Jan 3, 2018

diracdeltas closed this as completed Jan 3, 2018

bsclifton modified the milestones: 0.21.x (Developer Channel), 0.19.x Hotfix 13 Jan 14, 2018

srirambv added release-notes/include QA/test-plan-required labels Jan 15, 2018

This was referenced Jan 17, 2018

Manual test run for Chromium upgrade on OS X for 0.19.x Hotfix 13 #12681

Closed

Manual test run for Chromium upgrade on Linux for 0.19.x Hotfix 13 #12684

Closed

Manual test run for Chromium upgrade on Windows x64 for 0.19.x Hotfix 13 #12683

Closed

bsclifton added QA/test-plan-specified and removed QA/test-plan-required labels Jan 17, 2018

This was referenced Jan 18, 2018

Manual test run for Chromium upgrade on OS X for 0.19.x Hotfix 13 #12709

Closed

Manual test run for Chromium upgrade on Windows x64 for 0.19.x Hotfix 13 #12710

Closed

Manual test run for Chromium upgrade on Linux for 0.19.x Hotfix 13 #12711

Closed

LaurenWags added the QA/checked-macOS label Jan 18, 2018

kjozwiak added QA/checked-Win64 QA/checked-Linux labels Jan 18, 2018

kjozwiak mentioned this issue Jan 19, 2018

Release notes for 0.19.x Hotfix 13 (Release Channel) #12737

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

enable SSL certificate pinning for important Brave domains #12190

enable SSL certificate pinning for important Brave domains #12190

diracdeltas commented Dec 5, 2017 •

edited by bsclifton

Loading

diracdeltas commented Jan 3, 2018

diracdeltas commented Jan 17, 2018 •

edited by bsclifton

Loading

LaurenWags commented Jan 18, 2018

kjozwiak commented Jan 18, 2018

enable SSL certificate pinning for important Brave domains #12190

enable SSL certificate pinning for important Brave domains #12190

Comments

diracdeltas commented Dec 5, 2017 • edited by bsclifton Loading

Test plan

Original issue description

diracdeltas commented Jan 3, 2018

diracdeltas commented Jan 17, 2018 • edited by bsclifton Loading

LaurenWags commented Jan 18, 2018

kjozwiak commented Jan 18, 2018

diracdeltas commented Dec 5, 2017 •

edited by bsclifton

Loading

diracdeltas commented Jan 17, 2018 •

edited by bsclifton

Loading