Closed Bug 1579270 Opened Last month Closed 20 days ago

Disable TLS 1.0 and 1.1 for Nightly

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: mt, Assigned: mt)

References

()

Details

(Keywords: dev-doc-needed, site-compat, Whiteboard: [psm-assigned])

Attachments

(1 file)

It's now time to start the process of deprecating TLS 1.0 and TLS 1.1.

Disabling these by default in Nightly should help us uncover more sites that aren't able to speak TLS 1.2.

This flips the default for security.tls.version.min to 3 (TLS 1.2) for the
Nightly channel.

Having had this pref at this level for the last year, I can confirm that this
does break the occasional site, but it is quite rare. The intent of this change
is to start making it more obvious when sites don't support TLS 1.2.

I'm asking for wider review because this is a disruptive change.

Assignee: nobody → mt
Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by mthomson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0781e60dd54c
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Pushed by mthomson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f8020435c9fd
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Status: NEW → RESOLVED
Closed: 20 days ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

I think this should be listed in Firefox Nightly 71 release notes, Martin, could you suggest a wording? Thanks

Flags: needinfo?(mt)

As long as this doesn't get copied to later releases...

Disabled TLS 1.0 and 1.1 by default.

Flags: needinfo?(mt)
You need to log in before you can comment on or make changes to this bug.