Closed Bug 1336812 Opened 9 years ago Closed 7 years ago

(eventually) deprecate TLS 1.0

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Version:
53 Branch
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1227521

People

(Reporter: u580221, Unassigned)

Details

(Whiteboard: [psm-backlog])

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36 Build ID: 20170203181052 Steps to reproduce: TLS 1.0 appears to be considered possibly insecure, therefore please consider raising security.tls.version.min to 2 as a new default. At the very least, sites contacted through TLS 1.0 (whether that was the initial handshake or a downgrade) should be clearly shown as using an insecure connection. Steps to reproduce: 1. Open about:config 2. Search for: security.tls.version.min Actual results: The unchanged default value for my firefox appears to be 1 Expected results: The unchanged default value should be 2
The reason I made this ticket is because I stumbled across this: https://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/
Component: Untriaged → Security: PSM
Product: Firefox → Core
For the time being, we have to support it for compatibility reasons. In the future it may be possible to deprecate TLS 1.0.
Priority: -- → P3
Summary: TLS 1.0 appears to be considered possibly insecure, therefore please consider raising security.tls.version.min to 2 as a new default → (eventually) deprecate TLS 1.0
Whiteboard: [psm-backlog]
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.