Fwd: Intent to unship: TLS 1.0 and TLS 1.1

Óvári ovari123 at zoho.com
Thu Sep 12 20:33:36 UTC 2019


When will Thunderbird support TLS 1.3?

Thank you

Óvári

On 13/9/19 12:04 am, Kai Engert wrote:
> On 12.09.19 14:40, Patrick Cloke wrote:
>> I'm curious what effect this will have on Thunderbird. Do we have any
>> idea what percentage of SMTP/IMAP/POP servers are using these versions
>> of TLS?
> I don't have numbers.
>
> My primary concern here is our inadequate communication of errors
> related to SSL/TLS connectivity to the user.
>
> Any change to disable old protocols, while the older versions are still
> deployed on server, will frustrate users if they don't understand what's
> going wrong.
>
> I think better user feedback should get a higher priority. Once we
> disable the protocols, Thunderbird users should be able to identify if a
> connection failure is caused by a deprecation.
>
> Regarding the timing, this seems to be a coordinated effort by browsers
> to motivate system administrators to upgrade to more secure settings.
>
> Other applications like email clients could decide to delay the
> deprecation a little longer, however, the same arguments apply to us,
> too. If TLS 1.0 and TLS 1.1 are no longer secure, we should consider to
> follow the lead of the browsers.
>
> Maybe the following could be a reasonable timeline:
>
> - continue to support for the lifetime of the TB 68.x branch
>
> - in March 2020, around the same time as browsers disable it,
>    disable by default in both TB Daily builds and TB Beta.
>
> - disable by default for the major TB release mid 2020
>
> - we can consider to allow users to set a hidden pref to override
>    for the 2020 release.
>
> Kai
> _______________________________________________
> tb-planning mailing list
> tb-planning at mozilla.org
> https://mail.mozilla.org/listinfo/tb-planning




More information about the tb-planning mailing list