[Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 Button

Eddie Rowe eddie.rowe at tdhca.state.tx.us
Tue Jul 7 16:08:19 UTC 2020


Years ago I could have sworn we used security.tls.insecure_fallback_hosts to list a specific host that we wanted to allow to use an older version of TLS while we waited on the site to be upgraded while not having to adjust the security.tls.version.min setting.

My testing with Firefox 78.0.1 (x86) does not show the security.tls.version.min being changed after clicking on the button to enable TLS 1.0.  I backed out the last node of the search and I can see the entry that was added for telemetry.  I even closed Firefox and relaunched and other than the telemetry entry I do not see where the preference was changed.

Before clicking on Enable TLS 1.0/1.1 button:
[cid:image001.png at 01D6544C.D4EAE5A0]

After clicking on the Enable TLS 1.0/1.1 button:
[cid:image002.png at 01D6544D.3AB31C40]

From: Mike Kaply <mkaply at mozilla.com>
Sent: Tuesday, July 7, 2020 9:56 AM
To: Eddie Rowe <eddie.rowe at tdhca.state.tx.us>
Cc: Wes Kocher <kwierso at gmail.com>; enterprise <enterprise at mozilla.org>
Subject: Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 Button

It changes the pref security.tls.version.min and sets a pref so we know it was done.

It enables it for all sites (there's no good way to do it for a single site).

If you don't want this behavior, you can use policy to set the minimum SSL version and the button will not display.

At some point in the future, TLS 1.0 and 1.1 will go away completely.

Mike

On Mon, Jul 6, 2020 at 4:24 PM Eddie Rowe <eddie.rowe at tdhca.state.tx.us> wrote:
I am trying to figure out HOW it does this.  Is this enabling TLS 1.0 and 1.1 for ONE web site or all sites (I have only found one site with no TLS 1.2 support)?  How do we back out what change was made by clicking on the button to enable?  I tried to reverse engineer it so I opened about:config and the only change I see relating to TLS is the security.tls.version.enable-deprecated that gets set to true after you click on the button.  If I revert this value back to false, Firefox still will work with a site that I have discovered to be TLS 1.0 only.  I Googled the term and there is a Bugzilla entry that makes it sound like this setting is just for telemetry.

This should be functionality that is documented somewhere.  I would expect lots of people to be interested in this info.

From: Enterprise <enterprise-bounces at mozilla.org> On Behalf Of Wes Kocher
Sent: Monday, July 6, 2020 2:14 PM
Cc: enterprise <enterprise at mozilla.org>
Subject: Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 Button

That should just re-enable support for the older TLS versions within Firefox.

On Mon, Jul 6, 2020, 12:02 PM Eddie Rowe <eddie.rowe at tdhca.state.tx.us> wrote:
Does anyone know what clicking on this button will do?  Is this creating a registry key on the Windows platform under HKCU or doing something else?

_______________________________________________
Enterprise mailing list
Enterprise at mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-request at mozilla.org with a subject of "unsubscribe"
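
One way to check a profile for the two preferences discussed in this thread, and to build the policy file that pins the minimum version (an added example, not code from the thread or from Mozilla). It assumes the `user_pref("name", value);` line format of a profile's prefs.js, the numeric mapping 1 to 4 for TLS 1.0 to 1.3, and the `SSLVersionMin` enterprise policy; the function names and the sample profile are constructed for illustration.

```python
import json
import re

# Assumed numeric meaning of security.tls.version.min in Firefox.
TLS_VERSIONS = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("security.tls.version.enable-deprecated", true);
user_pref("security.tls.version.min", 1);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line of a prefs.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # ints, booleans, quoted strings
        except ValueError:
            prefs[name] = raw  # keep anything unparseable as text
    return prefs

def audit_tls(prefs, floor=3):
    """List the user-set preferences that indicate a lowered TLS floor."""
    findings = []
    vmin = prefs.get("security.tls.version.min")
    if type(vmin) is int and vmin < floor:
        label = TLS_VERSIONS.get(vmin, "unknown")
        findings.append("security.tls.version.min=%d (%s)" % (vmin, label))
    if prefs.get("security.tls.version.enable-deprecated") is True:
        findings.append("security.tls.version.enable-deprecated=true")
    return findings

def policy_for(floor="tls1.2"):
    """policies.json content that sets the minimum version by policy."""
    return {"policies": {"SSLVersionMin": floor}}

if __name__ == "__main__":
    for finding in audit_tls(parse_prefs(SAMPLE_PREFS)):
        print("lowered TLS floor:", finding)
    print(json.dumps(policy_for(), indent=2))
```

A profile that was never touched has neither preference in prefs.js, so `audit_tls` returns an empty list for it.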