Security.tls.version.*: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(→‎SeaMonkey: bug 884449 adding the TLS 1.2 box has landed)
(→‎Related bugs: Bug 1250568 added: enables TLS 1.3 starting in Fx49/mozilla49)
 
(4 intermediate revisions by one other user not shown)
Line 15: Line 15:


===0===
===0===
SSL 3.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the minimum required version.)  
SSL 3.0 is the minimum required / maximum supported encryption protocol. (Default up to FF/TB 33.0 and SM 2.30 for minimum version.)


===1===
===1===
TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the minimum required version.)


===2===
===2===
Line 24: Line 24:


===3===
===3===
TLS 1.2 is the minimum required / maximum supported encryption protocol. (Not supported in Firefox 23.0 and SeaMonkey 2.20.)
TLS 1.2 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)


==Caveats==
==Caveats==
* These preferences replace the deprecated security.enable_ssl3 and security.enable_tls boolean settings. Upon upgrade, the '''old preferences are not automatically migrated'''.  Instead, the user has to reinstate any limitations such as prohibiting fallback to SSL 3.0 (in this case by setting security.tls.version.min to 1, indicating TLS 1.0 being the minimum required protocol).
* These preferences replace the deprecated security.enable_ssl3 and security.enable_tls boolean settings. Upon upgrade, the '''old preferences are not automatically migrated'''.  Instead, the user has to reinstate any limitations such as prohibiting fallback to SSL 3.0 (in this case by setting security.tls.version.min to 1, indicating TLS 1.0 being the minimum required protocol).
* It is not possible to skip intermediate protocols. For example, supporting SSL 3.0 and TLS 1.1 implies that TLS 1.0 is supported as well.
* It is not possible to skip intermediate protocols. For example, supporting SSL 3.0 and TLS 1.1 implies that TLS 1.0 is supported as well.
* There is currently no fallback from TLS 1.1/1.2 to earlier protocols. Thus, selecting security.tls.version.max = 2 (or 3) for TLS 1.1 (or 1.2) support results in the connection failing when the server connected to doesn't support that version. Once the fallback is implemented, the default for security.tls.version.max will be changed to 3 to utilize the most recent TLS 1.2 version by default.  
* After an exploit of the SSL 3.0 protocol ([http://en.wikipedia.org/wiki/POODLE POODLE]), SSL 3.0 is disabled by default starting with Gecko 34. Legacy websites no supporting TLS 1.x may still require it, thus you may want to reenable it if needed by such a site, ''but'' keep in mind that it may open you to attacks.


==UI==
==UI==
===Mozilla Firefox===
===Firefox===
The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change them in [[About:config#Opening_about:config|about:config]].
The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change them in [[About:config#Opening_about:config|about:config]].


Line 55: Line 55:
* [https://bugzilla.mozilla.org/show_bug.cgi?id=839310 Bug 839310 - Add insecure fallback from TLS 1.1 → TLS 1.0]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=839310 Bug 839310 - Add insecure fallback from TLS 1.1 → TLS 1.0]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=480514 Bug 480514 - Implement TLS 1.2]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=480514 Bug 480514 - Implement TLS 1.2]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1076983 Bug 1076983 - (POODLE) Padding oracle attack on SSL 3.0]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1250568 Bug 1250568 - Allow enabling TLS 1.3]


==See also==
==See also==

Latest revision as of 09:26, 9 July 2016

Background

The Secure Socket Layer protocol (SSL) and its successor, the Transport Layer Security protocol (TLS), define how a browser or e-mail client communicates with a server using an encrypted connection or data stream. There are various versions of this protocol where TLS can be thought of as the continuation of SSL with a new numbering scheme. Versions used between the client software and the server have to match, thus both sides have to support at least one common version.

SSL 3.0 is currently the lowest accepted encryption protocol, TLS 1.2 the highest defined. TLS 1.0 is the equivalent of a hypothetical SSL 3.1 version, TLS 1.1 an update to TLS 1.2, etc. Some institutions prohibit the use of SSL 3.0 due to security concerns, thus it has to be disabled. TLS 1.2 support has been added with NSS 3.15.1 for Gecko 24.0. TLS 1.1 and TLS 1.2 are not yet widely supported by many servers, and need finalization of some components in the Mozilla backend, thus SSL 3.0 and TLS 1.0 are currently supported by default.

You can disable SSL 3.0 or enable TLS 1.1/1.2 by using these preferences, or enforce the use of a specific protocol version. At initiation of a secure connection, the highest selected version (maximum supported protocol) will be attempted first. If support by the server isn't indicated or the attempt fails, the next lower version will be attempted until the lowest allowed version (minimum required protocol) is reached (see however Caveats for TLS 1.1/1.2 fallback handling). If it fails as well, the connection eventually fails with an error.

Possible values and their effects

Both security.tls.version.min and security.tls.version.max can currently range from 0 to 3, which will be extended once further protocol versions are supported. Together, the two preferences specify the range of protocols which are supported:

  • security.tls.version.min specifies the minimum required protocol version (thus, the lowest version allowed to fall back to when higher versions are not available).
  • security.tls.version.max specifies the maximum supported protocol version (thus, the highest version to initiate a connection with before falling back to lower versions).

If security.tls.version.min and security.tls.version.max are equal, only one protocol version will be supported. The behavior is undefined if security.tls.version.min is larger than the security.tls.version.max value.

0

SSL 3.0 is the minimum required / maximum supported encryption protocol. (Default up to FF/TB 33.0 and SM 2.30 for minimum version.)

1

TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the minimum required version.)

2

TLS 1.1 is the minimum required / maximum supported encryption protocol.

3

TLS 1.2 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)

Caveats

  • These preferences replace the deprecated security.enable_ssl3 and security.enable_tls boolean settings. Upon upgrade, the old preferences are not automatically migrated. Instead, the user has to reinstate any limitations such as prohibiting fallback to SSL 3.0 (in this case by setting security.tls.version.min to 1, indicating TLS 1.0 being the minimum required protocol).
  • It is not possible to skip intermediate protocols. For example, supporting SSL 3.0 and TLS 1.1 implies that TLS 1.0 is supported as well.
  • After an exploit of the SSL 3.0 protocol (POODLE), SSL 3.0 is disabled by default starting with Gecko 34. Legacy websites no supporting TLS 1.x may still require it, thus you may want to reenable it if needed by such a site, but keep in mind that it may open you to attacks.

UI

Firefox

The UI for selecting the required range of encryption protocols has been removed in Firefox 23.0 and later, thus you'll need to change them in about:config.

SeaMonkey

SeaMonkey continues to provide a UI in the Edit → Preferences → Privacy & Security → SSL tab. A third box for TLS 1.1 has been added with version 2.20, and another box for TLS 1.2 with SeaMonkey 2.21; the logic disallows selection of protocol combinations not supported by these preferences. (There is a forum thread discussing the UI variants.)

Thunderbird

Thunderbird doesn't offer any UI for these options, thus you'll have to use the Config Editor to change them.

First checked in

2013-04-12 by Brian Smith

Has an effect in

  • Firefox and Thunderbird (nightly trunk builds since 2013-04-13; 23.0a1 and later)
  • SeaMonkey (nightly trunk builds since 2013-04-13; 2.20a1 and later)

Related bugs

See also

External links