Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში. აქ არავინ უნდა მოგთხოვოთ ტელეფონზე დარეკვა, შეტყობინების გაგზავნა ან პირადი მონაცემების გაზიარება. რამე საეჭვოს შემჩნევისას გთხოვთ გვაცნობოთ „დარღვევის მოხსენებით“.

ვრცლად

ეს თემა დაარქივებულია. დასვით ახალი კითხვა, თუ დახმარება გესაჭიროებათ.

Behavior for security.tls.version.fallback, max and min

  • 2 პასუხი
  • 6 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 568 ნახვა
  • ბოლოს გამოეხმაურა DSakura
  • გადაწყვეტილი

DSakura
DSakura

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3

security.tls.version.max = 3

security.tls.version.min = 1

All of those are default in FF 48.0.2 .

According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2.

Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3 security.tls.version.max = 3 security.tls.version.min = 1 All of those are default in FF 48.0.2 . According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2. Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

ჩასწორების თარიღი: , ავტორი: DSakura

გადაწყვეტა შერჩეულია

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

პასუხის ნახვა სრულად 👍 3

ყველა პასუხი (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer

შერჩეული გადაწყვეტა

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

DSakura
DSakura კითხვის დამსმელი

jscher2000 said

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable). "Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

Thank you for explaining fallback. I got some misunderstanding on that word :/

I will promote the answer a bit later since I am busy now.

Thanks again!