I was wrong, and you are correct, it sets security.tls.version.enable-deprecated.
As far as security.tls.insecure_fallback_hosts goes, it will only work if you also set security.tls.version.enable-deprecated. Mike On Tue, Jul 7, 2020 at 11:08 AM Eddie Rowe <[email protected]> wrote: > Years ago I could have sworn we used security.tls.insecure_fallback_hosts > to list a specific host that we wanted to allow to use an older version of > TLS while we waited on the site to be upgrade while not having to adjust > the security.tls.version.min setting. > > > > My testing with Firefox 78.0.1 (x86) does *not* show the > security.tls.version.min being changed after clicking on the button to > enable TLS 1.0. I backed out the last node of the search and I can see the > entry that was added for telemetry. I even closed Firefox and relaunched > and other than the telemetry entry I do not see where the preference was > changed. > > > > *Before clicking on Enable TLS 1.0/1.1 button:* > > > > *After clicking on the Enable TLS 1.0/1.1 button:* > > > > *From:* Mike Kaply <[email protected]> > *Sent:* Tuesday, July 7, 2020 9:56 AM > *To:* Eddie Rowe <[email protected]> > *Cc:* Wes Kocher <[email protected]>; enterprise <[email protected]> > *Subject:* Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 > Button > > > > It changes the pref security.tls.version.min and sets a pref so we know it > was done. > > > > It enables it for all sites (there's no good way to do it for a single > site). > > > > If you don't want this behavior, you can use policy to set the minimum SSL > version and the button will not display. > > > > At some point in the future, TLS 1.0 and 1,1 will go away completely. > > > > Mike > > > > On Mon, Jul 6, 2020 at 4:24 PM Eddie Rowe <[email protected]> > wrote: > > I am trying to figure out HOW it does this. Is this enabling TLS 1.0 and > 1.1 for ONE web site or all sites (I have only found one site with no TLS > 1.2 support)? How do we back out what change was made by clicking on the > button to enable? I tried to reverse engineer it so I opened about:config > and the only change I see relating to TLS is the > security.tls.version.enable-deprecated > that gets set to true after you click on the button. If I revert this > value back to false, Firefox still will work with a site that I have > discovered to be TLS 1.0 only. I goggled the term and there is a bugzilla > entry that makes it sound like this setting is just for telemetry. > > > > This should be functionality that is documented somewhere. I would expect > lots of people to be interested in this info. > > > > *From:* Enterprise <[email protected]> *On Behalf Of *Wes > Kocher > *Sent:* Monday, July 6, 2020 2:14 PM > *Cc:* enterprise <[email protected]> > *Subject:* Re: [Mozilla Enterprise] Firefox 78.0.1 Enable TLS 1.0 and 1.1 > Button > > > > That should just re-enable support for the older TLS versions within > Firefox. > > > > On Mon, Jul 6, 2020, 12:02 PM Eddie Rowe <[email protected]> > wrote: > > Does anyone know what clicking on this button will do? Is this creating a > registry key on the Windows platform under HKCU or doing something else? > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > <https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=Xs78Gs9KkiHVJ99ipaBT7S7UmuwxmuHImeurR5RlpG4&s=gCdB0DZj3URcK9kJlEz5ijn4xNopufhY_ZUUf1vFUBE&e=> > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise > <https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=Xs78Gs9KkiHVJ99ipaBT7S7UmuwxmuHImeurR5RlpG4&s=gCdB0DZj3URcK9kJlEz5ijn4xNopufhY_ZUUf1vFUBE&e=> > or send an email to [email protected] with a subject of > "unsubscribe" > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > <https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=IhkBASYawF-lg0V5Ndl9PEevrx8LRyxR9rxVhHDx7yg&s=1dO0KpTuEJ6zYS4MA03fCZwR4fO3pUUUA3eI-Dniz4c&e=> > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise > <https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise&d=DwMFaQ&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=IhkBASYawF-lg0V5Ndl9PEevrx8LRyxR9rxVhHDx7yg&s=1dO0KpTuEJ6zYS4MA03fCZwR4fO3pUUUA3eI-Dniz4c&e=> > or send an email to [email protected] with a subject of > "unsubscribe" > >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
