为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Three years on: When will we see TLS1.1 and TLS1.2 in Firefox?

  • 3 个回答
  • 24 人有此问题
  • 21 次查看
  • 最后回复者为 Hiawatha

more options

So three years on we still appear to be waiting for an answer!

My FF17 still only has options for SSL3.0 and TLS1.0 so presumably the 'Bug' 565047 and 480514 are still in the process of being resolved?

The problem is in the meantime, is that the recently the PCI people started flagging up BEAST as a FAIL. Other assessors may have already been doing this since June 2012 or earlier, but ours has just started it since their last report. Organisations wishing to be compliant must remove or disable certain ciphers from the server, forcing the connecting browser to use RC4. (Some assessors will permit prioritising but ours will fail us and force us to appeal after every assessment). We know FF supports RC4 so that's no problem, but pressure is also mounting to ensure that only SSL3.0, and TLS1.1/.12 are enabled at the server to ensure the best security posture and full compliance. For example in Windows 2008RC2 this is neccessary in order to mitigate against BEAST and our understanding is that this is what the MS12-006 patch does.

This means that browser support for TLS1.1 and TLS1.2 is now essential rather than optional. In the current climate we are forced to seriously consider banning and removing browsers that do not support the latest TLS versions from our workstations as these are now being regarded as non-compliant with the latest security standards.

So will someone at Mozilla therefore please answer the question : WHEN will support for TLS1.1 and TLS1.2 be available please?

If it is already available (and we missed it) then how do we ensure it is enable please?

Thanks.

So three years on we still appear to be waiting for an answer! My FF17 still only has options for SSL3.0 and TLS1.0 so presumably the 'Bug' 565047 and 480514 are still in the process of being resolved? The problem is in the meantime, is that the recently the PCI people started flagging up BEAST as a FAIL. Other assessors may have already been doing this since June 2012 or earlier, but ours has just started it since their last report. Organisations wishing to be compliant must remove or disable certain ciphers from the server, forcing the connecting browser to use RC4. (Some assessors will permit prioritising but ours will fail us and force us to appeal after every assessment). We know FF supports RC4 so that's no problem, but pressure is also mounting to ensure that only SSL3.0, and TLS1.1/.12 are enabled at the server to ensure the best security posture and full compliance. For example in Windows 2008RC2 this is neccessary in order to mitigate against BEAST and our understanding is that this is what the MS12-006 patch does. This means that browser support for TLS1.1 and TLS1.2 is now essential rather than optional. In the current climate we are forced to seriously consider banning and removing browsers that do not support the latest TLS versions from our workstations as these are now being regarded as non-compliant with the latest security standards. So will someone at Mozilla therefore please answer the question : WHEN will support for TLS1.1 and TLS1.2 be available please? If it is already available (and we missed it) then how do we ensure it is enable please? Thanks.

所有回复 (3)

more options
more options

Firefox's SSL library (NSS) recently included support for TLS1.1. I thought this would be a perfect time to hear some feedback from Mozilla on this matter. But so far, no TLS1.1 support and not a single word about any planning. Seriously guys, this is a big disgrace. I'm really thinking about moving to Chrome, only because of this single but big issue.

more options

Due to recently discovered problems with RC4, support for TLS 1.1 is crucial! Anybody from Mozilla finally willing to share some thoughts on this matter?