Turn off TLS by default

VERIFIED INVALID

Status

Core Graveyard
Security: UI
P3
enhancement
VERIFIED INVALID
17 years ago
a year ago

People

(Reporter: John Unruh, Assigned: David P. Drinan)

Tracking

1.0 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: RFE[need info])

(Reporter)

Description

17 years ago
Making Netscape 6 inoperable at some secure sites, such as banks and merchants 
who run IBM servers, does not seem like a smart move, especially since bug 33772 
is open- "No warning when connection is not possible."

The user is not given an explanation on why the browser cannot connect. There is 
a workaround, which is to turn off TLS in the Security Manager UI, but only a 
tiny fraction of users would know to do that. I vote for turning off TLS by 
default, and those users who want to stick with TLS can turn it on.
(Reporter)

Comment 1

17 years ago
rtm
Keywords: rtm

Comment 2

17 years ago
This seems like a good thing to work on.  If you're working on it please put 
[rtm need info] in the status whiteboard.  How soon could we get a small, safe 
patch for this fix?
Whiteboard: [need info]
(Reporter)

Comment 3

17 years ago
The concensus in the Security group is that TLS should be turned on by default, 
which it already is, so I'm just going to mark this invalid, especially after 
hearing ekrock speak at the Seamonkey meeting yesterday. The topic was "Fix the 
web".
Severity: normal → enhancement
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → INVALID
Whiteboard: [need info] → RFE[need info]
Target Milestone: --- → Future

Comment 4

17 years ago
John, do you feel this should be release noted?
(Reporter)

Comment 5

17 years ago
There should be a release note stating that some secure sites are not TLS 
compatible, and that to reach them, you can open the Security Manager, click on 
Advanced, Options, and turn off TLS. Eventually, most everyone is going to run 
into this kind of site, and if they read the release notes, that would help them 
out.
Keywords: relnoteRTM

Comment 6

17 years ago
John - can you update the release note tracking bug: 

http://bugzilla.mozilla.org/show_bug.cgi?id=50809
(Reporter)

Comment 7

17 years ago
Release noted - "Some secure (https) web sites are not TLS compatible. TLS is 
the new version of SSL. If you are having trouble reaching a particular secure 
web site, try turning off TLS for that site. To do so, click on Tasks, Privacy 
and Security, and open the Personal Security Manager. Click on Advanced, 
Options, and turn off TLS."
Status: RESOLVED → VERIFIED
(Reporter)

Comment 8

16 years ago
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: Future → ---
Version: other → 2.1
(Reporter)

Comment 9

16 years ago
Mass changing Security:Crypto to PSM

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

9 years ago
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.