Does Firefox ESR still supports NTLM v1 ?
This might be a simple question. Does Firefox ESR still supports NTLM v1 ? Can we still add the value "network.negotiate-auth.delegation-uris" in preference. Does that enabled NTLM v1. Is there any document or release notes that states Firefox is disabling this setting from Firefox 78 and later. Some how I am not able to find it in release notes.
All Replies (6)
Are you sure you mean NTLM v1?
That hasn't been supported for 7 years.
raam.bc said
Can we still add the value "network.negotiate-auth.delegation-uris" in preference.
It looks like the preference is detected in both Firefox 102esr and the latest development code (Firefox Nightly 114). I don't have a server to test on.
Thanks Mike Kaply and jscher2000.
Yes Mike Kaply, I am aware that NTLM v1 is not directly supported, but as you see based jscher2000 comments "network.negotiate-auth.delegation-uris" is indirectly supporting NTLM v1. Are we able to find any release notes that states that NTLM v1 is completely not supported in Firefox.
I am asking this question for an audit documentation related with security of Firefox and want to make sure NTLM v1 is still supported or not.
> "network.negotiate-auth.delegation-uris" is indirectly supporting NTLM v1.
I'm not sure why you would think that. It's just supporting NTLM.
NTLM v1 was disabled in this bug 9 years ago (Firefox 30)
Looking at that bug more, it was disabling insecure NTLM v1. I'm still researching.
We support turning on NTLMv1, but we don't have it on by default.