From MozillaZine Knowledge Base
(Redirected from Security.tls.version)
The Secure Socket Layer protocol (SSL) and its successor, the Transport Layer Security protocol (TLS), define how a browser or e-mail client communicates with a server using an encrypted connection or data stream. There are various versions of this protocol where TLS can be thought of as the continuation of SSL with a new numbering scheme. Versions used between the client software and the server have to match, thus both sides have to support at least one common version.
SSL 3.0 is currently the lowest accepted encryption protocol, TLS 1.2 the highest defined. TLS 1.0 is the equivalent of a hypothetical SSL 3.1 version, TLS 1.1 an update to TLS 1.2, etc. Some institutions prohibit the use of SSL 3.0 due to security concerns, thus it has to be disabled. TLS 1.2 support has been added with NSS 3.15.1 for Gecko 24.0. TLS 1.1 and TLS 1.2 are not yet widely supported by many servers, and need finalization of some components in the Mozilla backend, thus SSL 3.0 and TLS 1.0 are currently supported by default.
You can disable SSL 3.0 or enable TLS 1.1/1.2 by using these preferences, or enforce the use of a specific protocol version. At initiation of a secure connection, the highest selected version (maximum supported protocol) will be attempted first. If support by the server isn't indicated or the attempt fails, the next lower version will be attempted until the lowest allowed version (minimum required protocol) is reached (see however Caveats for TLS 1.1/1.2 fallback handling). If it fails as well, the connection eventually fails with an error.
Possible values and their effects
Both security.tls.version.min and security.tls.version.max can currently range from 0 to 3, which will be extended once further protocol versions are supported. Together, the two preferences specify the range of protocols which are supported:
If security.tls.version.min and security.tls.version.max are equal, only one protocol version will be supported. The behavior is undefined if security.tls.version.min is larger than the security.tls.version.max value.
SSL 3.0 is the minimum required / maximum supported encryption protocol. (Default up to FF/TB 33.0 and SM 2.30 for minimum version.)
TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the minimum required version.)
TLS 1.1 is the minimum required / maximum supported encryption protocol.
TLS 1.2 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change them in about:config.
SeaMonkey continues to provide a UI in the Edit → Preferences → Privacy & Security → SSL tab. A third box for TLS 1.1 has been added with version 2.20, and another box for TLS 1.2 with SeaMonkey 2.21; the logic disallows selection of protocol combinations not supported by these preferences. (There is a forum thread discussing the UI variants.)
Thunderbird doesn't offer any UI for these options, thus you'll have to use the Config Editor to change them.
First checked in
Has an effect in