Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Learn More

Wątek został zarchiwizowany. Jeśli potrzebujesz pomocy, zadaj nowe pytanie.

TLS 1.1 (or above) support is now critical due to the latest RC4 attacks. When will it be available?

  • 2 odpowiedzi
  • 22 osoby mają ten problem
  • 8 wyświetleń
  • Ostatnia odpowiedź od cor-el

CrypticHorizon
CrypticHorizon
more options

Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf

The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0.

However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position.

I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2?

Many thanks

Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0. However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position. I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2? Many thanks

Wybrane rozwiązanie

Hello,

please see this bug for latest updates on TLS 1.1 implementation.

This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.

Przeczytaj tę odpowiedź w całym kontekście 👍 7

Wszystkie odpowiedzi (2)

user66338
user66338
more options

Wybrane rozwiązanie

Hello,

please see this bug for latest updates on TLS 1.1 implementation.

This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
You can vote instead to show your interest