Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

TLS 1.1 (or above) support is now critical due to the latest RC4 attacks. When will it be available?

  • 2 replies
  • 22 have this problem
  • 10 views
  • Last reply by cor-el

CrypticHorizon
CrypticHorizon
more options

Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf

The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0.

However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position.

I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2?

Many thanks

Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0. However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position. I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2? Many thanks

Chosen solution

Hello,

please see this bug for latest updates on TLS 1.1 implementation.

This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.

Read this answer in context 👍 7

All Replies (2)

user66338
user66338
more options

Chosen Solution

Hello,

please see this bug for latest updates on TLS 1.1 implementation.

This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
You can vote instead to show your interest