On 05/12/2019 22:34, Martin Thomson wrote:
On Fri, Dec 6, 2019 at 5:08 AM <grahamper...@gmail.com
<mailto:grahamper...@gmail.com>> wrote:
>> … Safari, Firefox, Edge and Chrome are removing support for TLS
1.0 and 1.1 in March of 2020. …
Is that (timeline) still a _shared_ intent – for all four browsers?
I recently confirmed this, yes.
Re: the screenshot at
<https://user-images.githubusercontent.com/192271/70135931-e7e00800-1682-11ea-84f7-de2c397fa5eb.png>
I do like how things are shaping up in Firefox 71.0 with
security.tls.version.min set (or preset) to 3.
The intent is to have that dialog to disappear some time after March
next year or for the exceptions to be more narrowly targeted.
Re-enabling TLS 1.0 will still be possible via about:config for some
time after that, so people with a real need can always turn it back on
if they need to (including through enterprise policy if corporate
services are stuck). That's still inadvisable; ultimately, we'd like
to ensure that TLS 1.2 or higher is always used.
Thanks.
Incidentally, why do I not see Martin's response (above) under
<https://groups.google.com/d/msg/mozilla.dev.platform/8EFRYDR3N1c/dFbOCAqaBAAJ>?
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
