Avatar for Username

Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Learn More

Dieses Thema wurde archiviert. Bitte stellen Sie eine neue Frage, wenn Sie Hilfe benötigen.

TLS 1.0 and TLS 1.1 support

  • 3 Antworten
  • 6 haben dieses Problem
  • 53 Aufrufe
  • Letzte Antwort von guenther.gredy

guenther.gredy
guenther.gredy
more options

Dear support team,

hope you are well in these difficult times. My question concerns the support of TLS 1.0 and 1.1. I have a rather old Netgear NAS within my network but it runs quite well. Access to it's web site requires one of the above TLS versions. Netgear has discontinued support for this device. I have found some web content which describes changing the TLS version in "about:config" of FireFox. Changing this parameter worked well already.

How long will Mozilla provide these configuration parameters "security.tls.version.max" and "security.tls.version.min" in "about:config"? If ending availability of older TLS versions in FireFox, I will not be able to run my NAS any more - a very expensive consequence I think (NAS migration).

Thanks a lot in advance, stay safe

Guenther Gredy

Dear support team, hope you are well in these difficult times. My question concerns the support of TLS 1.0 and 1.1. I have a rather old Netgear NAS within my network but it runs quite well. Access to it's web site requires one of the above TLS versions. Netgear has discontinued support for this device. I have found some web content which describes changing the TLS version in "about:config" of FireFox. Changing this parameter worked well already. How long will Mozilla provide these configuration parameters "security.tls.version.max" and "security.tls.version.min" in "about:config"? If ending availability of older TLS versions in FireFox, I will not be able to run my NAS any more - a very expensive consequence I think (NAS migration). Thanks a lot in advance, stay safe Guenther Gredy

Alle Antworten (3)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Note that there is also this pref to enable TLS 1.0 and 1.1 without the need to change the security.tls.version.min pref.

  • security.tls.version.enable-deprecated
cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See also these bug reports.

  • Bug 1579285 - Offer to re-enable TLS 1.0 and 1.1 on TLS version failure
  • Bug 1590935 - Offer to re-enable TLS 1.0 on SSL_ERROR_PROTOCOL_VERSION_ALERT

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)

guenther.gredy
guenther.gredy Fragesteller
more options

Thank you very much for your answer, very helpful!

Will Mozilla keep these parameters and the related piece of TLS-code? As I understood that is a temporary solution. The answer to this question is very important concerning the migration strategy for my NAS.

Imagine the following use case. The parameter "security.tls.version.enable-deprecated" is set to "false" and there are three web sites, one with TLS 1.0, one with TLS 1.1 and the third with TLS 1.3. Does FireFox negotiate the highest possible security level individually with each web site? From my point of view this would be the most elegant long term strategy. A user has two possibilities: 1. Stay with the device because the manufacturer has stopped support and does not offer a TLS version migration (my situation); FireFox uses one of the older TLS versions. 2. Migrate the device's TLS version by updating it's firmware offered by the manufacturer; FireFox will use the most secure TLS version.

If this is already possible, I would appreciate giving me an example of how to configure the TLS related parameters in "about:config".

Thanks, BR Guenther