TLS 1.1 (or above) support is now critical due to the latest RC4 attacks. When will it be available?
Best practice currently recommends prioritizing RC4 on the server for SSL3/TLS1.0. E.g. see: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf
The reason is because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0.
However, the latest research is indicating that RC4 is now also broken, with practical attacks probably not too far off. E.g. see: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
This is not at issue in TLS1.1 and above. Unfortunately Firefox does not support anything above TLS1.0. This leaves users in a potentially very dangerous position.
I know this has been asked before, but I haven't actually seen an answer: When will firefox support TLS1.1 and/or TLS1.2?
Many thanks
الحل المُختار
Hello,
please see this bug for latest updates on TLS 1.1 implementation.
This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.
Read this answer in context 👍 7All Replies (2)
الحل المُختار
Hello,
please see this bug for latest updates on TLS 1.1 implementation.
This is a user support forum. Please add yourself to the CC list of that bug by first signing up here: https://bugzilla.mozilla.org/createaccount.cgi and then opening the bug and clicking on Save changes.
Please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
You can vote instead to show your interest