Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

more options

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Keazen oplossing

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (6)

more options

Keazen oplossing

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

more options

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Bewurke troch James op

more options

We have a patch to clean these up a bit. Should be clearer in the next policy update.

more options

jscher2000 - Support Volunteer said

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min: 1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3 You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

Thank you! That definitely makes sense then since that lines up with what I want. I do need to lock them, so I’ll use those two policies. It works when I use that site as well. As for Autoconfig, my setup is working aside from those two preferences, although they’re fine anyway as is.


James said

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/
We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Oh okay that makes sense! It’s good that my TLS versions are working as expected then. Thank you!

Mike Kaply said

We have a patch to clean these up a bit. Should be clearer in the next policy update.

That’s good to hear. That’s a very helpful change for sure! Thank you!

more options

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.

  • lockPref(“security.tls.version.max”,”3”)
more options

cor-el said

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.
  • lockPref(“security.tls.version.max”,”3”)

Oh okay that makes sense. I will change that to normal quotes then. Thank you!