Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Behavior for security.tls.version.fallback, max and min

  • 2 답장
  • 6 이 문제를 만남
  • 1 보기
  • 최종 답변자: DSakura

more options

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3

security.tls.version.max = 3

security.tls.version.min = 1

All of those are default in FF 48.0.2 .

According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2.

Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3 security.tls.version.max = 3 security.tls.version.min = 1 All of those are default in FF 48.0.2 . According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2. Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

글쓴이 DSakura 수정일시

선택된 해결법

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

문맥에 따라 이 답변을 읽어주세요 👍 3

모든 댓글 (2)

more options

선택된 해결법

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

more options

jscher2000 said

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable). "Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

Thank you for explaining fallback. I got some misunderstanding on that word :/

I will promote the answer a bit later since I am busy now.

Thanks again!