Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Three years on: When will we see TLS1.1 and TLS1.2 in Firefox?

  • 3 odgovori
  • 24 ima ovaj problem
  • 21 views
  • Posljednji odgovor poslao Hiawatha

more options

So three years on we still appear to be waiting for an answer!

My FF17 still only has options for SSL3.0 and TLS1.0 so presumably the 'Bug' 565047 and 480514 are still in the process of being resolved?

The problem is in the meantime, is that the recently the PCI people started flagging up BEAST as a FAIL. Other assessors may have already been doing this since June 2012 or earlier, but ours has just started it since their last report. Organisations wishing to be compliant must remove or disable certain ciphers from the server, forcing the connecting browser to use RC4. (Some assessors will permit prioritising but ours will fail us and force us to appeal after every assessment). We know FF supports RC4 so that's no problem, but pressure is also mounting to ensure that only SSL3.0, and TLS1.1/.12 are enabled at the server to ensure the best security posture and full compliance. For example in Windows 2008RC2 this is neccessary in order to mitigate against BEAST and our understanding is that this is what the MS12-006 patch does.

This means that browser support for TLS1.1 and TLS1.2 is now essential rather than optional. In the current climate we are forced to seriously consider banning and removing browsers that do not support the latest TLS versions from our workstations as these are now being regarded as non-compliant with the latest security standards.

So will someone at Mozilla therefore please answer the question : WHEN will support for TLS1.1 and TLS1.2 be available please?

If it is already available (and we missed it) then how do we ensure it is enable please?

Thanks.

So three years on we still appear to be waiting for an answer! My FF17 still only has options for SSL3.0 and TLS1.0 so presumably the 'Bug' 565047 and 480514 are still in the process of being resolved? The problem is in the meantime, is that the recently the PCI people started flagging up BEAST as a FAIL. Other assessors may have already been doing this since June 2012 or earlier, but ours has just started it since their last report. Organisations wishing to be compliant must remove or disable certain ciphers from the server, forcing the connecting browser to use RC4. (Some assessors will permit prioritising but ours will fail us and force us to appeal after every assessment). We know FF supports RC4 so that's no problem, but pressure is also mounting to ensure that only SSL3.0, and TLS1.1/.12 are enabled at the server to ensure the best security posture and full compliance. For example in Windows 2008RC2 this is neccessary in order to mitigate against BEAST and our understanding is that this is what the MS12-006 patch does. This means that browser support for TLS1.1 and TLS1.2 is now essential rather than optional. In the current climate we are forced to seriously consider banning and removing browsers that do not support the latest TLS versions from our workstations as these are now being regarded as non-compliant with the latest security standards. So will someone at Mozilla therefore please answer the question : WHEN will support for TLS1.1 and TLS1.2 be available please? If it is already available (and we missed it) then how do we ensure it is enable please? Thanks.

All Replies (3)

more options
more options

Firefox's SSL library (NSS) recently included support for TLS1.1. I thought this would be a perfect time to hear some feedback from Mozilla on this matter. But so far, no TLS1.1 support and not a single word about any planning. Seriously guys, this is a big disgrace. I'm really thinking about moving to Chrome, only because of this single but big issue.

more options

Due to recently discovered problems with RC4, support for TLS 1.1 is crucial! Anybody from Mozilla finally willing to share some thoughts on this matter?