Open Bug 1880709 Opened 4 months ago Updated 4 months ago

Remove Firefox Prefs for deprecated TLS Versions (1.0, 1.1).

Categories

(Core :: Security: PSM, enhancement, P3)

Firefox 125
enhancement

People

(Reporter: Tom25519, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0

Steps to reproduce:

Nowadays, Chromium has totally disabled TLS 1.0 and 1.1.

Actual results:

Firefox can still use TLS 1.0 and 1.1. You can test it on https://tls-v1-0.badssl.com:1010/ and https://tls-v1-1.badssl.com:1011/ when security.tls.version.enable-deprecated = true.

Expected results:

I think TLS 1.0/1.1 should be totally removed from the NSS codebase and Firefox about:config in the future.

Removing the preferences to match Chrome's behaviour is reasonable.

However, BoringSSL has not removed TLS 1/1.1 support from their codebase. I expect that as BoringSSL is used in Google's server-side products, they want to continue to support old clients. Similarly, NSS is also used in non-Firefox contexts and has a backwards-compat guarantee that we only break with major versions - so we're unlikely to remove support in the codebase itself in the near future.

Assignee: nobody → nobody
Severity: -- → N/A
Status: UNCONFIRMED → NEW
Component: Libraries → Security
Ever confirmed: true
Priority: -- → P3
Product: NSS → Firefox
Summary: Totally remove TLS 1.0/1.1 from codebase and about:config → Remove Firefox Prefs for deprecated TLS Versions (1.0, 1.1).
Version: unspecified → Firefox 125
Component: Security → Security: PSM
Product: Firefox → Core

I assume that this also has the same impact on Thunderbird!?

Correct. Thunderbird just follows platform for those prefs.
