Disable TLS 1.0/1.1 #115
Labels
to-do (approved)
Next release to-do
Comments
Techguyprivate
changed the title
|
Both ghacks user.js and pyllyukko have: |
|
I think that Security.tls.version.minimum should be set to 3 to disable TLs 1.0 &1.1 . Setting security.tls.version.max", 4 enables TLS 1.3 . |
|
ghacks user.js has user_pref("security.tls.version.min", 3); commented out (inactive). Pyllyukko sets user_pref("security.tls.version.min", 1); |
|
A few sites still use old TLS versions. |
|
Librefox aims to be secure & private. So it should be disable. Chrome disabled it already. |
|
Thanks for reporting that i will change it in the upcoming update ;) |
intika
changed the title
|
I think minimum should be 1.2. Some sites haven't implemented 1.3 yet. TLS 1.0/1 were upgraded for a reason Sent from my TETRA using FastHub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think that it will be good for privacy and security to disable tls 1.0 & 1.1 completely . They are old & vulnerable. They are dangerous, false security.
Setting tls.version.minimum to 3 in about:config does that. But better will be completely removing the entire code. Chrome wants to do it before next year, i.e before 2020. Same for firefox.
Chromiun based browser have already done it.
Example of just a page.
https://webservices.ignou.ac.in/Pre-Question/
The above link or related websites are acessed by millions in India. A open university's websites. I can intercept their enrollment no., date of birth easily which are required to put for exam results, grade card to see. Shit.
The text was updated successfully, but these errors were encountered: