The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/

Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

We have a patch to clean these up a bit. Should be clearer in the next policy update.

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min: 1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3 You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

---

But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

Thank you! That definitely makes sense then since that lines up with what I want. I do need to lock them, so I’ll use those two policies. It works when I use that site as well. As for Autoconfig, my setup is working aside from those two preferences, although they’re fine anyway as is.

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/

Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Oh okay that makes sense! It’s good that my TLS versions are working as expected then. Thank you!

We have a patch to clean these up a bit. Should be clearer in the next policy update.

That’s good to hear. That’s a very helpful change for sure! Thank you!

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.

• lockPref(“security.tls.version.max”,”3”)

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.

• lockPref(“security.tls.version.max”,”3”)

Oh okay that makes sense. I will change that to normal quotes then. Thank you!