[Mozilla Enterprise] Is it possible to put security.tls.version.enable-deprecated in the Firefox ESR ADMX template in a near future?

Mike Kaply mkaply at mozilla.com
Wed Feb 3 15:55:59 UTC 2021 

After discussion, I'll add this one to policy.

Mike

On Mon, Feb 1, 2021 at 11:08 AM Mike Kaply <mkaply at mozilla.com> wrote:

> I'm curious as to why you want this?
>
> It's not the users fault that they are running into TLS 1.0/1.1 sites.
> Where are these TLS 1.0/1.1 sites coming from? Are they internal sites that
> need to be upgraded?
>
> What you're proposing will train your users to click "bypass" on security
> pages like that which I don't think you want to do.
>
> Mike Kaply
>
> On Mon, Feb 1, 2021 at 5:06 AM <marius.tarlo at orange.com> wrote:
>
>> Hello,
>>
>>
>>
>> We currently have TLS enabled from 1.0 to 1.3 (SSLversionmin to 1 and
>> SSLversionmax to 1.3) and we would like to set up the following
>> configuration :
>>
>> -       Remove the 2 parameters SSLversionmin and SSLversionmax
>>
>> -       When the user browses a TLS 1.0 or TLS 1.1 site, it shows a
>> “SSL_ERROR_UNSUPPORTED_VERSION” error, with a button “Enable TLS 1.0 and
>> 1.1” : we would like to have this error message appearing every time the
>> user launches Firefox (we don’t want the user to click it once and have
>> forever *security.tls.version.enable-deprecated* set to true, but we
>> want the user having to click it every time)
>>
>>
>>
>> It would be easy to set this up by setting
>> *security.tls.version.enable-deprecated* to *false* in the GPO (then
>> it’s set to *false* when the user launches Firefox, and if he clicks the
>> button, it’s set to *true* temporarily during his session but the next
>> time he launches it would be reset to false again)
>>
>>
>>
>> But unfortunately for us, it’s not in the Preferences part of the ADMX (
>> https://github.com/mozilla/policy-templates/blob/v2.7/README.md#preferences
>> )
>>
>>
>>
>> Would it be possible to have it added in the ADMX in a near future?
>>
>>
>>
>> Thank you very much for your answer!
>>
>>
>>
>> Cordialement / Best regards,
>>
>> [image: http://www.orange.com/sirius/logos_mail/orange_logo.gif]
>> <http://www.orange.com/>
>>
>> *Marius TARLO*
>> Maintenance e-buro
>> * Orange*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=Orange,ou=entities>/*OBS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=OBS,ou=Orange,ou=entities>
>> /*SCE*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=SCE,ou=OBS,ou=Orange,ou=entities>
>> /*OCB SUBS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities>
>> /*DACF*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities>
>> /*DS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities>
>> /*CS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=CS,ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities>
>> /*TMI ORA*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=TMI%20ORA,ou=CS,ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities>
>>
>> *Orange*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=Orange,ou=entities>/*TGI*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=TGI,ou=Orange,ou=entities>
>> /*OLS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=OLS,ou=TGI,ou=Orange,ou=entities>
>> /*DIESE*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities>
>> /*DWS*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=GWIS,ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities>
>> /*ESM*
>> <http://annuaire.sso.infra.ftgroup/entities/ou=MSSM,ou=GWIS,ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities>
>> tél. +33 1 42 75 34 25
>> marius.tarlo at orange.com
>>
>>
>>
>> _________________________________________________________________________________________________________________________
>>
>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>>
>> This message and its attachments may contain confidential or privileged information that may be protected by law;
>> they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>> Thank you.
>>
>> _______________________________________________
>> Enterprise mailing list
>> Enterprise at mozilla.org
>> https://mail.mozilla.org/listinfo/enterprise
>>
>> To unsubscribe from this list, please visit
>> https://mail.mozilla.org/listinfo/enterprise or send an email to
>> enterprise-request at mozilla.org with a subject of "unsubscribe"
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20210203/8a13d027/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 785 bytes
Desc: not available
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20210203/8a13d027/attachment.jpg>

More information about the Enterprise mailing list