This thread was archived. Please ask a new question if you need help.
TLS 1.1 (or above) support is now critical due to the latest RC4 attacks. When will it be available?
Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf
The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0.
However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position.
I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2?
please see this bug for latest updates on TLS 1.1 implementation.
This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.Read this answer in context 👍 7