Closed Bug 1579270 Opened 2 years ago Closed 2 years ago

Disable TLS 1.0 and 1.1 for Nightly


(Core :: Security: PSM, task, P1)




Tracking Status
firefox71 --- fixed


(Reporter: mt, Assigned: mt)


(Blocks 1 open bug, )


(Keywords: dev-doc-complete, site-compat, Whiteboard: [psm-assigned])


(1 file)

It's now time to start the process of deprecating TLS 1.0 and TLS 1.1.

Disabling these by default in Nightly should help us uncover more sites that aren't able to speak TLS 1.2.

Keywords: site-compat

This flips the default for security.tls.version.min to 3 (TLS 1.2) for the
Nightly channel.

Having had this pref at this level for the last year, I can confirm that this
does break the occasional site, but it is quite rare. The intent of this change
is to start making it more obvious when sites don't support TLS 1.2.

I'm asking for wider review because this is a disruptive change.

Assignee: nobody → mt
Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Pushed by
Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

I think this should be listed in Firefox Nightly 71 release notes, Martin, could you suggest a wording? Thanks

Flags: needinfo?(mt)

As long as this doesn't get copied to later releases...

Disabled TLS 1.0 and 1.1 by default.

Flags: needinfo?(mt)

I have documented this on MDN: see for all the details.

Let me know if you think this needs anything else at this stage; thanks!

You need to log in before you can comment on or make changes to this bug.