Fwd: Intent to unship: TLS 1.0 and TLS 1.1
ovari123 at zoho.com
Thu Sep 12 20:33:36 UTC 2019
When will Thunderbird support TLS 1.3?
On 13/9/19 12:04 am, Kai Engert wrote:
> On 12.09.19 14:40, Patrick Cloke wrote:
>> I'm curious what effect this will have on Thunderbird. Do we have any
>> idea what percentage of SMTP/IMAP/POP servers are using these versions
>> of TLS?
> I don't have numbers.
> My primary concern here is our inadequate communication of errors
> related to SSL/TLS connectivity to the user.
> Any change to disable old protocols, while the older versions are still
> deployed on server, will frustrate users if they don't understand what's
> going wrong.
> I think better user feedback should get a higher priority. Once we
> disable the protocols, Thunderbird users should be able to identify if a
> connection failure is caused by a deprecation.
> Regarding the timing, this seems to be a coordinated effort by browsers
> to motivate system administrators to upgrade to more secure settings.
> Other applications like email clients could decide to delay the
> deprecation a little longer, however, the same arguments apply to us,
> too. If TLS 1.0 and TLS 1.1 are no longer secure, we should consider to
> follow the lead of the browsers.
> Maybe the following could be a reasonable timeline:
> - continue to support for the lifetime of the TB 68.x branch
> - in March 2020, around the same time as browsers disable it,
> disable by default in both TB Daily builds and TB Beta.
> - disable by default for the major TB release mid 2020
> - we can consider to allow users to set a hidden pref to override
> for the 2020 release.
> tb-planning mailing list
> tb-planning at mozilla.org
More information about the tb-planning