Mozilla Hacks

It’s the Boot for TLS 1.0 and TLS 1.1

By Thyla van der Merwe

Posted on February 6, 2020 in Featured Article, Firefox Releases, and Security

Editor’s Update: June 24, 11:40am PDT – We will be moving ahead with disabling TLS 1.0 and TLS 1.1 by default in Firefox 78, releasing June 30th. If you see a “Secure Connection Failed” message as displayed in the post below, then hit the button to re-enable TLS 1.0 and TLS 1.1. You should only need to hit this button once, the change will be global.

Earlier Update: March 23, 10:43am PDT – We have re-enabled TLS 1.0 and 1.1 in Firefox 74 and 75 Beta to better enable access to sites sharing critical and important information during this time.

Coming to a Firefox near you in March

The Transport Layer Security (TLS) protocol is the de facto means for establishing security on the Web. The protocol has a long and colourful history, starting with its inception as the Secure Sockets Layer (SSL) protocol in the early 1990s, right up until the recent release of the jazzier (read faster and safer) TLS 1.3. The need for a new version of the protocol was born out of a desire to improve efficiency and to remedy the flaws and weaknesses present in earlier versions, specifically in TLS 1.0 and TLS 1.1. See the BEAST, CRIME and POODLE attacks, for example.

With limited support for newer, more robust cryptographic primitives and cipher suites, it doesn’t look good for TLS 1.0 and TLS 1.1. With the safer TLS 1.2 and TLS 1.3 at our disposal to adequately project web traffic, it’s time to move the TLS ecosystem into a new era, namely one which doesn’t support weak versions of TLS by default. This has been the abiding sentiment of browser vendors – Mozilla, Google, Apple and Microsoft have committed to disabling TLS 1.0 and TLS 1.1 as default options for secure connections. In other words, browser clients will aim to establish a connection using TLS 1.2 or higher. For more on the rationale behind this decision, see our earlier blog post on the subject.

What does this look like in Firefox?

We deployed this in Firefox Nightly, the experimental version of our browser, towards the end of 2019. It is now also available in Firefox Beta 73. In Firefox, this means that the minimum TLS version allowable by default is TLS 1.2. This has been executed in code by setting security.tls.version.min=3, a preference indicating the minimum TLS version supported. Previously, this value was set to 1. If you’re connecting to sites that support TLS 1.2 and up, you shouldn’t notice any connection errors caused by TLS version mismatches.

What if a site only supports lower versions of TLS?

In cases where only lower versions of TLS are supported, i.e., when the more secure TLS 1.2 and TLS 1.3 versions cannot be negotiated, we allow for a fallback to TLS 1.0 or TLS 1.1 via an override button. As a Firefox user, if you find yourself in this position, you’ll see this:

screenshot showing "Secure Connection Failed" message that allows user to override the TLS 1.0 and 1.1 deprecation

As a user, you will have to actively initiate this override. But the override button offers you a choice. You can, of course, choose not to connect to sites that don’t offer you the best possible security.

This isn’t ideal for website operators. We would like to encourage operators to upgrade their servers so as to offer users a secure experience on the Web. We announced our plans regarding TLS 1.0 and TLS 1.1 deprecation over a year ago, in October 2018, and now the time has come to make this change. Let’s work together to move the TLS ecosystem forward.

Deprecation timeline

We plan to monitor telemetry over two Firefox Beta cycles, and then we’re going to let this change ride to Firefox Release. So, expect Firefox 74 to offer TLS 1.2 as its minimum version for secure connections when it ships on 10 March 2020. We plan to keep the override button for now; the telemetry we’re collecting will tell us more about how often this button is used. These results will then inform our decision regarding when to remove the button entirely. It’s unlikely that the button will stick around for long. We’re committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional.

Again, we would like to stress the importance of upgrading web servers over the coming months, as we bid farewell to TLS 1.0 and TLS 1.1. R.I.P, you’ve served us well.

About Thyla van der Merwe

Cryptography Engineering Manager at Mozilla.

More articles by Thyla van der Merwe…

6 comments

  1. Yuhong Bao

    OT, but I am thinking about the TLS 1.3 middlebox “telemetry” right now. I wonder if user choice would be the right solution.

    February 6th, 2020 at 19:41

  2. Alexandre Leduc

    “So, expect Firefox 74 to offer TLS 1.2 as its minimum version for secure connections when it ships on 10 March 2020.”

    Are you decreasing the amount of time between releases? March 10 is a month away and version 73 has not been released yet.

    February 8th, 2020 at 08:16

    1. Thyla van der Merwe

      Yes, our release cycle has shifted from 6 to 4 weeks.

      February 10th, 2020 at 03:11

  3. custom.firefox.lady

    Ran into this issue once already. Would have been nice to be able to enable TLS 1.0 and TLS 1.1 *just this once for one site*. I decided it wasn’t worth digging around to find the pref, changing it and then changing it back.

    February 8th, 2020 at 19:17

    1. Thyla van der Merwe

      During this transition phase, it’s important to allow for a fallback to TLS 1.0 and TLS 1.1 as website operators upgrade their servers. We decided on a global fallback.

      February 10th, 2020 at 03:51

      1. Tim Fisher

        Sometimes people are in a hurry and don’t read the message. They just click through, and the message is globally disabled forever. There should be additional opportunities to present this information to the user, but without nagging them.

        February 11th, 2020 at 05:47

Comments are closed for this article.