TLS 1.0 and TLS 1.1 support
Dear support team,
hope you are well in these difficult times. My question concerns the support of TLS 1.0 and 1.1. I have a rather old Netgear NAS within my network but it runs quite well. Access to it's web site requires one of the above TLS versions. Netgear has discontinued support for this device. I have found some web content which describes changing the TLS version in "about:config" of FireFox. Changing this parameter worked well already.
How long will Mozilla provide these configuration parameters "security.tls.version.max" and "security.tls.version.min" in "about:config"? If ending availability of older TLS versions in FireFox, I will not be able to run my NAS any more - a very expensive consequence I think (NAS migration).
Thanks a lot in advance, stay safe
Guenther Gredy
All Replies (3)
Note that there is also this pref to enable TLS 1.0 and 1.1 without the need to change the security.tls.version.min pref.
- security.tls.version.enable-deprecated
See also these bug reports.
- Bug 1579285 - Offer to re-enable TLS 1.0 and 1.1 on TLS version failure
- Bug 1590935 - Offer to re-enable TLS 1.0 on SSL_ERROR_PROTOCOL_VERSION_ALERT
(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)
Thank you very much for your answer, very helpful!
Will Mozilla keep these parameters and the related piece of TLS-code? As I understood that is a temporary solution. The answer to this question is very important concerning the migration strategy for my NAS.
Imagine the following use case. The parameter "security.tls.version.enable-deprecated" is set to "false" and there are three web sites, one with TLS 1.0, one with TLS 1.1 and the third with TLS 1.3. Does FireFox negotiate the highest possible security level individually with each web site? From my point of view this would be the most elegant long term strategy. A user has two possibilities: 1. Stay with the device because the manufacturer has stopped support and does not offer a TLS version migration (my situation); FireFox uses one of the older TLS versions. 2. Migrate the device's TLS version by updating it's firmware offered by the manufacturer; FireFox will use the most secure TLS version.
If this is already possible, I would appreciate giving me an example of how to configure the TLS related parameters in "about:config".
Thanks, BR Guenther