What is the timeline for TLS 1.1 or 1.2 support in firefox?
My employer wants to deploy a webapp that only supports TLS 1.0 and above. Is there a timeline for TLS 1.1 or 1.2 support in Firefox?
IE and others already do.
All Replies (12)
Probably not known.
- Bug 565047 – Implement TLS 1.1 (RFC 4346)
- Bug 480514 – Implement support for TLS 1.2 (RFC 5246)
(please do not comment in bug reports; you can vote instead)
An gyara
Time to fix this issue, and fast... https://blog.torproject.org/blog/tor-and-beast-ssl-attack
I would like to be able to remove Timeline from my FB account. Google Chrome has the facility to do this. Can you do it for Firefox?...I do hope so, I do not like it.....thanks...
I receove Time Line;.I would like to be able to remove Timeline from my FB account. Google Chrome has the facility to do this. Can you do it for Firefox?...I do hope so, I do not like it.....thanks... Help to remove it thank you
Hi joycendavid and chenzee, this thread is not about Facebook timeline. To change how a website works, consider finding an add-on or a userscript:
I can't believe this is still not fixed! Just because you are too lazy to move away from NSS, even though it's been nearly a year since BEAST broke the TLS1.0 protocol!
FIX IT!
syragon, all you did was SPAM that 565047 bug as your comment there was no help at all and can actually have a negative affect in making people who could fix it to decided to spend their valuable time on other bug reports instead in meantime. Also bugzilla is not a discussion forum.
An gyara
If you think using the word "SPAM" in uppercase will negatively defer attention to the TRUTH of the fact that Firefox ONLY supports NSS (Netscape related) security framework layer security, after being breached for nearly a year, you are self-illusioned. SPAM by nature means the spammer has something to market. What am I marketing here? What is in this for me? Nothing other than the honest truth about what is going on in this situation. Therefore I am not a SPAMMER. You fail to see that, and you therefore fall into the same category as the people who fail to do anything about it! What is at risk here is people's identities, financial security and personal information. Firefox claims to be ahead of M$, however IE9 already supports TLS1.1 and yet Mozilla is making excuses. Your best comeback falls short of reality - Mozilla is reliant on outdated framework code. Take it from a Fortune 100 software engineer. And what real-world experience do YOU have? Only when the public makes the truth uncomfortable with Mozilla act, and that is what I am doing. So what do you care about, image, or content?
It was indeed essentially spam because it was not useful, you called them lazy and you caused everybody on CC list to get email spammed (unless they set it otherwise) due to your pointless comment.
I understand there are risks with not fixing this, just that your comment could make things worse in progress of that bug and not better as you may think. You obviously have not used Bugzilla before or followed bugs that have been ignored for a time by those (or one person) who could have provided a patch or such because of comments like your "FIX IT" or demands or attacks or such.
The quickest way to get it fixed is to provide a patch yourself or at least something constructive that can either fix it or help move it much closer to being fixed.
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
1. No pointless comments. Unless you have something constructive and helpful to say, do not add a comment to a bug. In bugs where there is a heated debate going on, you should be even more inclined not to add a comment. Unless you have something new to contribute, then the bug owner is aware of all the issues, and will make a judgement as to what to do. If you agree the bug should be fixed, vote for it. Additional "I see this too" or "It works for me" comments are unnecessary unless they are on a different platform or a significantly different build. Constructive and helpful thoughts unrelated to the topic of the bug should go in the appropriate newsgroup.
2. No obligation. "Open Source" is not the same as "the developers must do my bidding." Everyone here wants to help, but the only person who has any obligation to fix the bugs you want fixed is you. Therefore, you should not act as if you expect someone to fix a bug by a particular date or release. Aggressive or repeated demands will not be received well and will almost certainly diminish the impact and interest in your suggestions.
Nothing other than the honest truth about what is going on in this situation.
The priority for bug 565047 was elevated to P1 (the highest level) on March 30th, a patch was checked in on April 2nd, and a second patch checked in on May 8th. For that reason, "lazy" seems totally out of bounds.
James,
6 years late qualifies as lazy by anyone's standards. It doesn't matter if you push a fix today and deploy the build, it is still a grand case of laziness. I understand the development community is working - but they are working on things they think are important, features, Firefox's multiple account sync, and other items which should have been demoted in favor of core structural integrity issues like these.
My comments serve a strong purpose: to raise attention, elevate the issue, ruffle feathers and make the truth uncomfortable enough so that regardless of the current status, the fix is delivered sooner than previously planned. My comment served such a purpose excellently.
I am a successful business owner, entrepreneur, and fortune 100 software consultant. I'm not a forum troll, or even a forum administrator. You should be begging for the opinion of people like me who actually run the collection of sites and information we call the "Internet".
But what you have here is an argument over ego. You simply will never agree that your much loved Firefox forums should be used for scathing rebuke. However this is where the intelligence fails. Any highly intelligent creatures welcome self criticism. To question one's self is the beginning of wisdom. I do not want you to see things from my point of view, that is not why I am here or why I posted that.
It was posted to ruffle feathers and make the truth of the matter inescapable, blunt, rude and course, but direct. It obviously accomplished that purpose, and I rest my case. Now the burden is truly upon the development community, or I myself like so many others will start to reconsider their long-standing love for this browser.
You simply will never agree that your much loved Firefox forums should be used for scathing rebuke.
There is no shortage of scathing posts on this support forum. The developers' bug tracking system is not a discussion forum.
Edit: I don't want to give the impression that I haven't made the same mistake of posting "me too" comments on bugs. However, having voted on a few and commented on a few, and seeing the volume of emails that those few bugs generated, and then the emails showing people taking themselves off the list to receive updates on the bugs, I have a lot of sympathy for the argument that comments which do not contribute to a solution actually impede progress.
An gyara