Closed Bug 1623534 Opened 8 months ago Closed 7 months ago

Remote pref override to re-enable TLS 1.0

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
Tracking Status
relnote-firefox --- 74+
firefox74 --- fixed

People

(Reporter: mt, Assigned: mythmon)

References

(Blocks 1 open bug, )

Details

The recent announcement from Google to delay the Chrome release indicates that they will not honour the agreement to turn TLS 1.0 off at this time. That's understandable, but that leaves Firefox as the only major browser to have TLS 1.0 disabled in any way right now.

We have also seen people ask that we provide more support for people who might have to use online tools, and this would help avoid some bustage.

I would like to request that we use remote prefs to set security.tls.version.min to 1 in Firefox 74 (the current release).

:mythmon, can you help with this?

Flags: needinfo?(mcooper)
Depends on: 1623649

I can indeed help with this. The first step is to create the Experimenter ticket that Tim made. Lets get all of the needed sign offs there. Specifically, we'll need signoff from Relman (Julien you can do that), and QA.

Looking over the details that Tim put in Experimenter, this sounds like an ideal use of Normandy's Preference Rollout feature. We can ramp this up however fast is desired. Our normal schedule is weeks, but we could do it over a few hours if needed.

Wes, Sunah, heads up that we might be putting a large load on the Telemetry system soon, due to calls to setExperimentActive. We have finished the rollout of the 1 hour skew feature, so I don't expect any issues will come up.

Flags: needinfo?(mcooper)

Release Note Request (optional, but appreciated)
[Why is this notable]: deprecation of tls 1.0/1.1 was in the 74 relnotes
[Affects Firefox for Android]:
[Suggested wording]:
[Links (documentation, blog post, etc)]:

[Suggested wording]: Please edit existing release note wording to say we reverted the change for an undetermined amount of time to better enable access to critical government sites sharing COVID19 information.

I've set up the Normandy recipe for this change, here: https://delivery-console.prod.mozaws.net/recipe/928/

I'll be passing it around for review and final sign off before launching.

This went live on March 19.

Assignee: nobody → mcooper
Status: NEW → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.