Closed Bug 1579270 Opened 11 months ago Closed 11 months ago

Disable TLS 1.0 and 1.1 for Nightly

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: mt, Assigned: mt)

References

(Blocks 1 open bug, )

Details

(Keywords: dev-doc-complete, site-compat, Whiteboard: [psm-assigned])

Attachments

(1 file)

It's now time to start the process of deprecating TLS 1.0 and TLS 1.1.

Disabling these by default in Nightly should help us uncover more sites that aren't able to speak TLS 1.2.

Keywords: site-compat

This flips the default for security.tls.version.min to 3 (TLS 1.2) for the
Nightly channel.

Having had this pref at this level for the last year, I can confirm that this
does break the occasional site, but it is quite rare. The intent of this change
is to start making it more obvious when sites don't support TLS 1.2.

I'm asking for wider review because this is a disruptive change.

Assignee: nobody → mt
Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by mthomson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0781e60dd54c
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Pushed by mthomson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f8020435c9fd
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

I think this should be listed in Firefox Nightly 71 release notes, Martin, could you suggest a wording? Thanks

Flags: needinfo?(mt)

As long as this doesn't get copied to later releases...

Disabled TLS 1.0 and 1.1 by default.

Flags: needinfo?(mt)

I have documented this on MDN: see https://github.com/mdn/sprints/issues/2280#issuecomment-555578965 for all the details.

Let me know if you think this needs anything else at this stage; thanks!

You need to log in before you can comment on or make changes to this bug.