Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Learn More

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

Behavior for security.tls.version.fallback, max and min

  • 2 risposte
  • 6 hanno questo problema
  • 1 visualizzazione
  • Ultima risposta di DSakura

DSakura
DSakura
more options

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3

security.tls.version.max = 3

security.tls.version.min = 1

All of those are default in FF 48.0.2 .

According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2.

Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

Hi folks, I have a question about this combination in config: security.tls.version.fallback-limit = 3 security.tls.version.max = 3 security.tls.version.min = 1 All of those are default in FF 48.0.2 . According to KB, FF should allow TLS 1.0, 1.1 and 1.2, and fallback is not allowed from TLS 1.2. Here is my question: if the server only supports TLS 1.0, what will FF do? Refuse it or happily connect to the server?

Modificato da DSakura il

Soluzione scelta

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

Leggere questa risposta nel contesto 👍 3

Tutte le risposte (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Soluzione scelta

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable).

"Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

DSakura
DSakura Utente che ha posto la domanda
more options

jscher2000 said

Firefox 48 can connect with servers that only advertise support for TLS 1.0 (assuming they use a valid certificate and ciphers that Firefox considers acceptable). "Fallback" is a process where the server advertises support for TLS 1.2 but Firefox is unable to connect using TLS 1.2 for some reason, so Firefox used to try TLS 1.1, 1.0, even SSLv3. Since that kind of fallback can be triggered by an untrusted intermediary, it is no longer supported.

Thank you for explaining fallback. I got some misunderstanding on that word :/

I will promote the answer a bit later since I am busy now.

Thanks again!