Closed Bug 56865 Opened 24 years ago Closed 24 years ago

Turn off TLS by default

Categories

(Core Graveyard :: Security: UI, enhancement, P3)

1.0 Branch
enhancement

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: junruh, Assigned: ddrinan0264)

Details

(Whiteboard: RFE[need info])

Making Netscape 6 inoperable at some secure sites, such as banks and merchants 
who run IBM servers, does not seem like a smart move, especially since bug 33772 
is open- "No warning when connection is not possible."

The user is not given an explanation on why the browser cannot connect. There is 
a workaround, which is to turn off TLS in the Security Manager UI, but only a 
tiny fraction of users would know to do that. I vote for turning off TLS by 
default, and those users who want to stick with TLS can turn it on.
rtm
Keywords: rtm
This seems like a good thing to work on.  If you're working on it please put 
[rtm need info] in the status whiteboard.  How soon could we get a small, safe 
patch for this fix?
Whiteboard: [need info]
The concensus in the Security group is that TLS should be turned on by default, 
which it already is, so I'm just going to mark this invalid, especially after 
hearing ekrock speak at the Seamonkey meeting yesterday. The topic was "Fix the 
web".
Severity: normal → enhancement
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Whiteboard: [need info] → RFE[need info]
Target Milestone: --- → Future
John, do you feel this should be release noted?
There should be a release note stating that some secure sites are not TLS 
compatible, and that to reach them, you can open the Security Manager, click on 
Advanced, Options, and turn off TLS. Eventually, most everyone is going to run 
into this kind of site, and if they read the release notes, that would help them 
out.
Keywords: relnoteRTM
John - can you update the release note tracking bug: 

http://bugzilla.mozilla.org/show_bug.cgi?id=50809
Release noted - "Some secure (https) web sites are not TLS compatible. TLS is 
the new version of SSL. If you are having trouble reaching a particular secure 
web site, try turning off TLS for that site. To do so, click on Tasks, Privacy 
and Security, and open the Personal Security Manager. Click on Advanced, 
Options, and turn off TLS."
Status: RESOLVED → VERIFIED
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: Future → ---
Version: other → 2.1
Mass changing Security:Crypto to PSM
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.