Closed Bug 1606734 Opened 1 year ago Closed 1 year ago

Disable TLS 1.0 and 1.1 by default

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla74
Tracking Status
relnote-firefox --- 74+
firefox74 --- fixed

People

(Reporter: mt, Assigned: mt)

References

(Blocks 2 open bugs, )

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file)

Current plan is to disable these versions in Firefox Release version 74 unconditionally, with just the ...enable-deprecated pref and UX as a bustage-mitigation measure.

This bug tracks removal of the guards around the pref defaults for security.tls.version.min.

Keywords: site-compat
Pushed by mthomson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1d07ac23cc5a
Disable TLS 1.0 and 1.1 by default, r=keeler
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74

Updates made on MDN concerning TLS 1.0/1.1 removal; see https://github.com/mdn/sprints/issues/2754#issuecomment-587676139 for the full details.

Let me know if there's anything else you'd like to see changed in terms of docs. Thanks!

Martin, should that be also notes in our general release notes for 74?

Flags: needinfo?(mt)

Yes, it would be wise. This is a big and noticeable change, unfortunately.

Flags: needinfo?(mt)

Release Note Request (optional, but appreciated)
[Why is this notable]: This change will result in a subset of sites becoming inaccessible, though users still have the option to re-enable TLS 1.0 in the short term. Thousands of sites will be affected.
[Affects Firefox for Android]: Yes
[Suggested wording]: Disabled TLS 1.0 and TLS 1.1. Sites that don't support TLS version 1.2 will show an error page.
[Links (documentation, blog post, etc)]: https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

relnote-firefox: --- → ?
Flags: needinfo?(mt)

Note added to our 74 beta release notes, thanks.

Blocks: COVID-19
You need to log in before you can comment on or make changes to this bug.