Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

  • 6 ответов
  • 0 имеют эту проблему
  • 187 просмотров
  • Последний ответ от Terwassolam21434

more options

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Выбранное решение

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customizing Firefox Using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customizing Firefox Using AutoConfig

Прочитайте этот ответ в контексте 👍 0

Все ответы (6)

more options

Выбранное решение

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customizing Firefox Using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customizing Firefox Using AutoConfig

more options

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Изменено James

more options

We have a patch to clean these up a bit. Should be clearer in the next policy update.

more options

jscher2000 - Support Volunteer said

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min: 1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3 You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customizing Firefox Using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customizing Firefox Using AutoConfig

Thank you! That definitely makes sense then since that lines up with what I want. I do need to lock them, so I’ll use those two policies. It works when I use that site as well. As for Autoconfig, my setup is working aside from those two preferences, although they’re fine anyway as is.


James said

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/
We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Oh okay that makes sense! It’s good that my TLS versions are working as expected then. Thank you!

Mike Kaply said

We have a patch to clean these up a bit. Should be clearer in the next policy update.

That’s good to hear. That’s a very helpful change for sure! Thank you!

more options

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.

  • lockPref(“security.tls.version.max”,”3”)
more options

cor-el said

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.
  • lockPref(“security.tls.version.max”,”3”)

Oh okay that makes sense. I will change that to normal quotes then. Thank you!