Disable TLS 1.0 and 1.1 for Nightly
Categories
(Core :: Security: PSM, task, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox71 | --- | fixed |
People
(Reporter: mt, Assigned: mt)
References
()
Details
(Keywords: dev-doc-complete, site-compat, Whiteboard: [psm-assigned])
Attachments
(1 file)
It's now time to start the process of deprecating TLS 1.0 and TLS 1.1.
Disabling these by default in Nightly should help us uncover more sites that aren't able to speak TLS 1.2.
|
||
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
This flips the default for security.tls.version.min to 3 (TLS 1.2) for the
Nightly channel.
Having had this pref at this level for the last year, I can confirm that this
does break the occasional site, but it is quite rare. The intent of this change
is to start making it more obvious when sites don't support TLS 1.2.
I'm asking for wider review because this is a disruptive change.
|
||
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
Pushed by mthomson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0781e60dd54c Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Pushed by mthomson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f8020435c9fd Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
|
|
||
Comment 5•5 years ago
|
||
Posted site compatibility note: https://www.fxsitecompat.dev/en-CA/docs/2019/tls-1-0-and-1-1-are-now-deprecated/
|
||
Comment 6•5 years ago
|
||
I think this should be listed in Firefox Nightly 71 release notes, Martin, could you suggest a wording? Thanks
|
|
Assignee | |
Comment 7•5 years ago
|
||
As long as this doesn't get copied to later releases...
Disabled TLS 1.0 and 1.1 by default.
|
|
||
Comment 8•5 years ago
|
||
I have documented this on MDN: see https://github.com/mdn/sprints/issues/2280#issuecomment-555578965 for all the details.
Let me know if you think this needs anything else at this stage; thanks!
Description
•