After discussion, I'll add this one to policy. Mike
On Mon, Feb 1, 2021 at 11:08 AM Mike Kaply <[email protected]> wrote: > I'm curious as to why you want this? > > It's not the users fault that they are running into TLS 1.0/1.1 sites. > Where are these TLS 1.0/1.1 sites coming from? Are they internal sites that > need to be upgraded? > > What you're proposing will train your users to click "bypass" on security > pages like that which I don't think you want to do. > > Mike Kaply > > On Mon, Feb 1, 2021 at 5:06 AM <[email protected]> wrote: > >> Hello, >> >> >> >> We currently have TLS enabled from 1.0 to 1.3 (SSLversionmin to 1 and >> SSLversionmax to 1.3) and we would like to set up the following >> configuration : >> >> - Remove the 2 parameters SSLversionmin and SSLversionmax >> >> - When the user browses a TLS 1.0 or TLS 1.1 site, it shows a >> “SSL_ERROR_UNSUPPORTED_VERSION” error, with a button “Enable TLS 1.0 and >> 1.1” : we would like to have this error message appearing every time the >> user launches Firefox (we don’t want the user to click it once and have >> forever *security.tls.version.enable-deprecated* set to true, but we >> want the user having to click it every time) >> >> >> >> It would be easy to set this up by setting >> *security.tls.version.enable-deprecated* to *false* in the GPO (then >> it’s set to *false* when the user launches Firefox, and if he clicks the >> button, it’s set to *true* temporarily during his session but the next >> time he launches it would be reset to false again) >> >> >> >> But unfortunately for us, it’s not in the Preferences part of the ADMX ( >> https://github.com/mozilla/policy-templates/blob/v2.7/README.md#preferences >> ) >> >> >> >> Would it be possible to have it added in the ADMX in a near future? >> >> >> >> Thank you very much for your answer! >> >> >> >> Cordialement / Best regards, >> >> [image: http://www.orange.com/sirius/logos_mail/orange_logo.gif] >> <http://www.orange.com/> >> >> *Marius TARLO* >> Maintenance e-buro >> * Orange* >> <http://annuaire.sso.infra.ftgroup/entities/ou=Orange,ou=entities>/*OBS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=OBS,ou=Orange,ou=entities> >> /*SCE* >> <http://annuaire.sso.infra.ftgroup/entities/ou=SCE,ou=OBS,ou=Orange,ou=entities> >> /*OCB SUBS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities> >> /*DACF* >> <http://annuaire.sso.infra.ftgroup/entities/ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities> >> /*DS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities> >> /*CS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=CS,ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities> >> /*TMI ORA* >> <http://annuaire.sso.infra.ftgroup/entities/ou=TMI%20ORA,ou=CS,ou=DS,ou=DACF,ou=OCB%20SUBS,ou=SCE,ou=OBS,ou=Orange,ou=entities> >> >> *Orange* >> <http://annuaire.sso.infra.ftgroup/entities/ou=Orange,ou=entities>/*TGI* >> <http://annuaire.sso.infra.ftgroup/entities/ou=TGI,ou=Orange,ou=entities> >> /*OLS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=OLS,ou=TGI,ou=Orange,ou=entities> >> /*DIESE* >> <http://annuaire.sso.infra.ftgroup/entities/ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities> >> /*DWS* >> <http://annuaire.sso.infra.ftgroup/entities/ou=GWIS,ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities> >> /*ESM* >> <http://annuaire.sso.infra.ftgroup/entities/ou=MSSM,ou=GWIS,ou=DIESE,ou=OLS,ou=TGI,ou=Orange,ou=entities> >> tél. +33 1 42 75 34 25 >> [email protected] >> >> >> >> _________________________________________________________________________________________________________________________ >> >> Ce message et ses pieces jointes peuvent contenir des informations >> confidentielles ou privilegiees et ne doivent donc >> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu >> ce message par erreur, veuillez le signaler >> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages >> electroniques etant susceptibles d'alteration, >> Orange decline toute responsabilite si ce message a ete altere, deforme ou >> falsifie. Merci. >> >> This message and its attachments may contain confidential or privileged >> information that may be protected by law; >> they should not be distributed, used or copied without authorisation. >> If you have received this email in error, please notify the sender and >> delete this message and its attachments. >> As emails may be altered, Orange is not liable for messages that have been >> modified, changed or falsified. >> Thank you. >> >> _______________________________________________ >> Enterprise mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/enterprise >> >> To unsubscribe from this list, please visit >> https://mail.mozilla.org/listinfo/enterprise or send an email to >> [email protected] with a subject of "unsubscribe" >> >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
