With TLS 1.3 disabled in the config settings, Firefox still connects to websites with TLS 1.3
Categories
(Core :: Networking, defect, P2)
Tracking
()
People
(Reporter: only1ryan, Assigned: dragana)
Details
(Keywords: reporter-external, Whiteboard: [necko-priority-queue][necko-triaged])
Attachments
(1 file)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
In Firefox I went to about:config and set
security.tls.version.max = 3
which disabled TLS 1.3 and left TLS 1.2 as the highest security setting. I checked the browser at ssllabs.com, which confirmed TLS 1.2 was the highest available protocol and listed the appropriate cipher suites.
Actual results:
A number of websites (e.g. Google, Facebook, Youtube) connected with TLS 1.3 and a new cipher suite. That is what I learned when I clicked on the lockbox in the address bar.
Expected results:
Why did Firefox not respect the new setting? I have toggled
security.tls.version.fallback-limit
between 3 and 4, but it does not seem to make any difference. Also, how does a person choose the cipher suites for TLS 1.3? They do not seem to be listed under
security.ssl3
in the about:config settings. Thanks.
|
||
Comment 1•3 years ago
|
||
I managed to reproduce this only on youtube.com from the examples provided above on Firefox 100.0.2, Firefox 102.0b2 and on Firefox 103.0a1, and it was connected with TLS 1.3 instead of TLS 1.2.
On Firefox 91.10.0esr I managed to reproduce the issue also on google.com.
I'm not sure is "Security" component is the right one, please feel free to change it if you think otherwise.
|
||
Comment 2•3 years ago
|
||
Did you clear the cache before connecting to those sites?
Each time I start Firefox I make it a point to go to the Privacy and Security settings and clear the Cookies and Site Data.
|
|
||
Comment 4•3 years ago
|
||
What about the network cache, though? (it's called "Cache" in that UI)
Sorry about that. I also clear the one called "Cached Web Content."
|
|
||
Comment 6•3 years ago
|
||
I think what's going on is we're getting an h3 alt-svc header and necko is using that when it probably shouldn't, if TLS 1.3 is disabled.
|
||
Comment 7•3 years ago
|
||
I think it should not be too difficult to add a check in necko to see if TLS 1.3 is enabled.
Put this to our priority queue candidate and wait for review.
|
||
Comment 8•3 years ago
|
||
The reporter asked through security@mozilla.org to nominate this for the bug bounty program. We will make our decision only after the bug has been fixed. However, given the information that is currently present and given that this is not considered a security bug as per https://wiki.mozilla.org/Security_Severity_Ratings/Client, it is likely that this will not be rewarded a bounty. (Final decision at the discretion of the bug bounty committee.)
Dragana can you please review and see if this is for Necko.
|
Assignee | |
Comment 10•3 years ago
|
||
The prefs are handled by PSM. Moving to the right component.
|
|
||
Comment 11•3 years ago
|
||
PSM handles the prefs, but Necko needs to do the appropriate thing based on the values of the perfs (namely, disregard h3 alt-svc headers if TLS 1.3 isn't enabled).
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 12•3 years ago
|
||
|
||
Updated•3 years ago
|
|
||
Comment 13•3 years ago
|
||
|
|
||
Comment 14•3 years ago
|
||
| bugherder | ||
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Updated•1 year ago
|
Description
•