Package: firefox-esr Version: 91.6.0esr-1~deb10u1 Severity: normal Dear Maintainer,
In Firefox, suppose I go to about:config and set security.tls.version.max = 3 which disables TLS 1.3 and leaves TLS 1.2 as the highest security setting. If I check the browser at ssllabs.com, it confirms TLS 1.2 is the highest available protocol and lists the appropriate cipher suites. Yet, a number of websites (e.g. Google, Facebook, Youtube) connect with TLS 1.3 and a new cipher suite; at least, that is what I learn when I click on the lockbox in the address bar. What is going on? I have toggled security.tls.version.fallback-limit between 3 and 4, but it does not seem to make any difference. Also, how does a person choose the cipher suites for TLS 1.3? They do not seem to be listed under security.ssl3 in the about:config settings. -- Package-specific info: -- Extensions information Name: Amazon.com Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled Name: Bing Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled Name: Dark theme Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: user-disabled Name: DoH Roll-Out Location: /usr/lib/firefox-esr/browser/features/doh-roll...@mozilla.org.xpi Package: firefox-esr Status: enabled Name: DuckDuckGo Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled Name: eBay Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled Name: Firefox Alpenglow theme Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: user-disabled Name: Firefox Screenshots Location: /usr/lib/firefox-esr/browser/features/screensh...@mozilla.org.xpi Package: firefox-esr Status: enabled Name: Form Autofill Location: /usr/lib/firefox-esr/browser/features/formautof...@mozilla.org.xpi Package: firefox-esr Status: enabled Name: Google Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled Name: HTTPS Everywhere Location: ${PROFILE_EXTENSIONS}/https-everywhere-...@eff.org.xpi Status: user-disabled Name: Light theme Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: user-disabled Name: Picture-In-Picture Location: /usr/lib/firefox-esr/browser/features/pictureinpict...@mozilla.org.xpi Package: firefox-esr Status: enabled Name: Proxy Failover Location: /home/ryan/.mozilla/firefox/dmo9765r.default-esr/features/{1fced3c4-2a9d-408a-a698-e1f3a6bb7717}/proxy-failo...@mozilla.com.xpi Status: enabled Name: System theme theme Location: /usr/lib/firefox-esr/omni.ja Package: firefox-esr Status: enabled Name: Web Compatibility Interventions Location: /usr/lib/firefox-esr/browser/features/webcom...@mozilla.org.xpi Package: firefox-esr Status: enabled Name: WebCompat Reporter Location: /usr/lib/firefox-esr/browser/features/webcompat-repor...@mozilla.org.xpi Package: firefox-esr Status: user-disabled Name: Wikipedia (en) Location: /usr/lib/firefox-esr/browser/omni.ja Package: firefox-esr Status: enabled -- Addons package information ii firefox-esr 91.6.0esr-1~deb10u1 amd64 Mozilla Firefox web browser - Extended Support Release (ESR) -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox-esr depends on: ii debianutils 4.8.6.1 ii fontconfig 2.13.1-2 ii libatk1.0-0 2.30.0-2 ii libc6 2.28-10 ii libcairo-gobject2 1.16.0-4+deb10u1 ii libcairo2 1.16.0-4+deb10u1 ii libdbus-1-3 1.12.20-0+deb10u1 ii libdbus-glib-1-2 0.110-4 ii libevent-2.1-6 2.1.8-stable-4 ii libffi6 3.2.1-9 ii libfontconfig1 2.13.1-2 ii libfreetype6 2.9.1-3+deb10u2 ii libgcc1 1:8.3.0-6 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglib2.0-0 2.58.3-2+deb10u3 ii libgtk-3-0 3.24.5-1 ii libpango-1.0-0 1.42.4-8~deb10u1 ii libstdc++6 8.3.0-6 ii libx11-6 2:1.6.7-1+deb10u2 ii libx11-xcb1 2:1.6.7-1+deb10u2 ii libxcb-shm0 1.13.1-2 ii libxcb1 1.13.1-2 ii libxcomposite1 1:0.4.4-2 ii libxdamage1 1:1.1.4-3+b3 ii libxext6 2:1.3.3-1+b2 ii libxfixes3 1:5.0.3-1 ii libxrender1 1:0.9.10-1 ii procps 2:3.3.15-2 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages firefox-esr recommends: ii libavcodec58 7:4.1.8-0+deb10u1 Versions of packages firefox-esr suggests: ii fonts-lmodern 2.004.5-6 pn fonts-stix | otf-stix <none> ii libcanberra0 0.30-7 ii libgssapi-krb5-2 1.17-3+deb10u3 ii pulseaudio 12.2-4+deb10u1 -- no debconf information