Years ago I could have sworn we used security.tls.insecure_fallback_hosts to list a specific host that we wanted to allow to use an older version of TLS while we waited on the site to be upgrade while not having to adjust the security.tls.version.min setting.
My testing with Firefox 78.0.1 (x86) does not show the security.tls.version.min being changed after clicking on the button to enable TLS 1.0. I backed out the last node of the search and I can see the entry that was added for telemetry. I even closed Firefox and relaunched and other than the telemetry entry I do not see where the preference was changed. Before clicking on Enable TLS 1.0/1.1 button: [cid:[email protected]] After clicking on the Enable TLS 1.0/1.1 button: [cid:[email protected]] From: Mike Kaply <[email protected]> Sent: Tuesday, July 7, 2020 9:56 AM To: Eddie Rowe <[email protected]> Cc: Wes Kocher <[email protected]>; enterprise <[email protected]> Subject: Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 Button It changes the pref security.tls.version.min and sets a pref so we know it was done. It enables it for all sites (there's no good way to do it for a single site). If you don't want this behavior, you can use policy to set the minimum SSL version and the button will not display. At some point in the future, TLS 1.0 and 1,1 will go away completely. Mike On Mon, Jul 6, 2020 at 4:24 PM Eddie Rowe <[email protected]<mailto:[email protected]>> wrote: I am trying to figure out HOW it does this. Is this enabling TLS 1.0 and 1.1 for ONE web site or all sites (I have only found one site with no TLS 1.2 support)? How do we back out what change was made by clicking on the button to enable? I tried to reverse engineer it so I opened about:config and the only change I see relating to TLS is the security.tls.version.enable-deprecated that gets set to true after you click on the button. If I revert this value back to false, Firefox still will work with a site that I have discovered to be TLS 1.0 only. I goggled the term and there is a bugzilla entry that makes it sound like this setting is just for telemetry. This should be functionality that is documented somewhere. I would expect lots of people to be interested in this info. From: Enterprise <[email protected]<mailto:[email protected]>> On Behalf Of Wes Kocher Sent: Monday, July 6, 2020 2:14 PM Cc: enterprise <[email protected]<mailto:[email protected]>> Subject: Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 Button That should just re-enable support for the older TLS versions within Firefox. On Mon, Jul 6, 2020, 12:02 PM Eddie Rowe <[email protected]<mailto:[email protected]>> wrote: Does anyone know what clicking on this button will do? Is this creating a registry key on the Windows platform under HKCU or doing something else? _______________________________________________ Enterprise mailing list [email protected]<mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=Xs78Gs9KkiHVJ99ipaBT7S7UmuwxmuHImeurR5RlpG4&s=gCdB0DZj3URcK9kJlEz5ijn4xNopufhY_ZUUf1vFUBE&e=> To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=Xs78Gs9KkiHVJ99ipaBT7S7UmuwxmuHImeurR5RlpG4&s=gCdB0DZj3URcK9kJlEz5ijn4xNopufhY_ZUUf1vFUBE&e=> or send an email to [email protected]<mailto:[email protected]> with a subject of "unsubscribe" _______________________________________________ Enterprise mailing list [email protected]<mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=IhkBASYawF-lg0V5Ndl9PEevrx8LRyxR9rxVhHDx7yg&s=1dO0KpTuEJ6zYS4MA03fCZwR4fO3pUUUA3eI-Dniz4c&e=> To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=IhkBASYawF-lg0V5Ndl9PEevrx8LRyxR9rxVhHDx7yg&s=1dO0KpTuEJ6zYS4MA03fCZwR4fO3pUUUA3eI-Dniz4c&e=> or send an email to [email protected]<mailto:[email protected]> with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
