Re-enable TLS 1.0 in Firefox 75 (Beta)
Categories: Core :: Security: PSM, task, P1
People: Reporter: mt, Assigned: mt
Details: Keywords: site-compat
Attachments: 2 files (text/x-phabricator-request, 47 bytes each; pascalc: approval-mozilla-beta+ on the first)
+++ This bug was initially created as a clone of Bug #1623534 +++
The recent announcement from Google to delay the Chrome release indicates that they will not honour the agreement to turn TLS 1.0 off at this time. That's understandable, but that leaves Firefox as the only major browser to have TLS 1.0 disabled in any way right now.
We have also seen people ask that we provide more support for people who might have to use online tools, and this would help avoid some bustage.
I would like to request that we land a change to re-enable TLS 1.0 in Firefox 75 Beta.
Comment 1 • 4 years ago
[Tracking Requested - why for this release]: The change has to be uplifted to 75 Beta.
Comment 2 (Assignee) • 4 years ago
MozReview-Commit-ID: Lp5YyX7agFl
Comment 3 (Assignee) • 4 years ago
Comment on attachment 9134296 [details]
Bug 1623536 - Re-enable TLS 1.0, r?keeler
Beta/Release Uplift Approval Request
- User impact if declined: We had previously agreed to disable TLS 1.0. But other browsers have delayed their deployments of this change, so we are the only browser not to allow TLS 1.0 to work.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This expands compatibility by changing a well-tested pref. This restores the state as of two releases prior.
- String changes made/needed: none
Comment 5 • 4 years ago
This bug is tracked by a release manager but with a small severity so change it to major.
For more information, please visit auto_nag documentation.
Comment 6 • 4 years ago
Comment on attachment 9134296 [details]
Bug 1623536 - Re-enable TLS 1.0, r?keeler
Blocker bug, uplift approved for 75 beta 6, thanks.
Comment 7 • 4 years ago
Comment 8 (Assignee) • 4 years ago
Yes, we might need some time to work out what to do with 76, but I am hoping that we'll be back on track. I'm checking with other browsers on status.
Comment 9 (Assignee) • 4 years ago
MozReview-Commit-ID: 7BH2ctZyrEq
Depends on D67418
Comment 10 • 4 years ago
uplift
Comment 11 • 4 years ago
I have verified the following, using the latest Firefox Beta 75.0b6 (Build ID: 20200319224147) on Windows 10 x64, macOS 10.15, and Ubuntu Linux 18.04 x64.
- The value of the security.tls.version.min pref is by default set to 1.
- The TLS v1.0 handshake is successfully done between the Firefox browser and the following URL https://tls-v1-0.badssl.com:1010/.
- The https://tls-v1-0.badssl.com:1010/ website will return an error if the value of the security.tls.version.min pref is manually set to 2 or 3 or 4.
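The same check can be run over saved profile files. The following is an added example, not part of this bug or of Firefox's code: it reads `user_pref` lines for security.tls.version.min/max from constructed prefs.js and user.js text and reports whether a server that only speaks TLS 1.0, like the test host above, could still be negotiated. The function names, the sample profiles and the assumed default max of 4 are this example's own.

```python
import re

# Firefox numbering used by security.tls.version.min / .max
TLS_NAMES = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

# Matches uncommented lines such as: user_pref("security.tls.version.min", 3);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(\d+)\s*\)\s*;',
    re.MULTILINE,
)

def effective_range(pref_texts, default_min=1, default_max=4):
    """Return (min, max). Later texts override earlier ones (prefs.js, then user.js).
    default_min=1 is the 75 Beta default reported in comment 11; default_max=4 is assumed."""
    bounds = {"min": default_min, "max": default_max}
    for text in pref_texts:
        for which, value in PREF_RE.findall(text):
            bounds[which] = int(value)
    return bounds["min"], bounds["max"]

def audit(pref_texts, server_versions=(1,)):
    """Report what a profile allows and whether a server limited to
    server_versions (default: TLS 1.0 only) shares a version with it."""
    lo, hi = effective_range(pref_texts)
    # This script's own policy: flag unknown or inverted bounds for manual review.
    if lo not in TLS_NAMES or hi not in TLS_NAMES or lo > hi:
        return {"valid": False, "allowed": [], "legacy_enabled": False,
                "handshake_possible": False}
    return {
        "valid": True,
        "allowed": [TLS_NAMES[v] for v in range(lo, hi + 1)],
        "legacy_enabled": lo <= 2,  # TLS 1.0 or TLS 1.1 can still be negotiated
        "handshake_possible": any(lo <= v <= hi for v in server_versions),
    }

# Constructed sample profiles (not taken from the bug)
DEFAULT_75_BETA = []  # no override present: min stays at the default of 1
HARDENED_PREFS_JS = ('user_pref("browser.startup.page", 3);\n'
                     'user_pref("security.tls.version.min", 2);\n')
HARDENED_USER_JS = ('// admin override\n'
                    'user_pref("security.tls.version.min", 3);\n')

if __name__ == "__main__":
    profiles = [("default", DEFAULT_75_BETA),
                ("hardened", [HARDENED_PREFS_JS, HARDENED_USER_JS])]
    for name, texts in profiles:
        print(name, audit(texts))
```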
Comment 12 • 4 years ago
Updated site compatibility note: https://www.fxsitecompat.dev/en-CA/docs/2020/tls-1-0-1-1-support-has-been-removed/
Comment 13 • 4 years ago
76 goes to Beta next week - I assume we want to land a similar change before then?
Comment 14 (Assignee) • 4 years ago
We are currently discussing plans. I expect that we'll have to roll a bunch of code back and expect a decision shortly. (Keeping needinfo set as a reminder.)
Comment 15 • 4 years ago
Google will resume release of Chrome 81 during the week of April 7:
https://blog.chromium.org/2020/03/chrome-and-chrome-os-release-updates.html
Comment 16 • 4 years ago
It's very unlikely that Google will roll out TLS 1.0/1.1 removal in Chrome 81. Currently, we plan to pick up our deprecation plans in Beta 77, monitor for two cycles, and then let ride to Release 78, but we will keep monitoring the situation.
Comment 17 (Assignee) • 4 years ago
Bug 1626495 tracks re-enabling TLS 1.0 for 76 and 77.