Firefox 74 Will Disable TLS 1.0 and TLS 1.1 by Default

Beginning in March, when Firefox 74 is set to arrive in the release channel, Mozilla will disable older Transport Layer Security (TLS) protocol versions as default options for secure connections.


An improvement over the Secure Sockets Layer (SSL) protocol, TLS is meant to improve the security of the Web, but flaws and weaknesses in older iterations, specifically TLS 1.0 and TLS 1.1, render connections vulnerable to attacks such as BEAST, CRIME and POODLE.


The newer TLS 1.2 and TLS 1.3 versions are both faster and safer, and major browser vendors have already laid out plans to deprecate the older releases to ensure the security of their users.


Mozilla has already introduced the change in Firefox Beta 73, in which the minimum TLS version allowable by default is TLS 1.2. Users shouldn’t notice any connection errors when accessing websites that support TLS 1.2 and up.


However, because TLS version mismatches might appear if websites do not include support for the newer versions of the protocol, users are provided with the option to fall back to TLS 1.0 or TLS 1.1 via an override button on the error page.
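The version mismatch described above can be reproduced offline. The following is an added example, not Mozilla's code: a Python `ssl` client stands in for the browser with the same TLS 1.2 floor, and it is fed a constructed ServerHello that selects a given protocol version. The hostname `legacy.example`, the all-zero server random and the chosen cipher suite are assumptions made for the demonstration.

```python
import ssl
import struct

# Constructed sample data: empty renegotiation_info extension (RFC 5746).
RENEG_INFO = bytes.fromhex("ff01000100")

def server_hello(version: int, cipher: int = 0xC02F) -> bytes:
    """Build a constructed plaintext ServerHello record selecting `version`.

    0xC02F is ECDHE-RSA-AES128-GCM-SHA256; for the old versions the cipher
    does not matter here, since clients typically fail on the version first.
    """
    ext = struct.pack("!H", len(RENEG_INFO)) + RENEG_INFO
    body = (struct.pack("!H", version) + bytes(32)   # version, server random
            + b"\x00"                                # empty session id
            + struct.pack("!HB", cipher, 0) + ext)   # cipher, no compression
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

def client_reaction(version: int) -> str:
    """Return how a client with a TLS 1.2 floor reacts to that ServerHello."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # the floor the article describes
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "legacy.example" is a placeholder hostname; nothing touches the network.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="legacy.example")
    try:
        conn.do_handshake()                          # emits the ClientHello
    except ssl.SSLWantReadError:
        pass
    incoming.write(server_hello(version))
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        return "continues"                           # version accepted, waits for Certificate
    except ssl.SSLError as exc:
        return f"rejected: {exc.reason}"             # handshake aborted by the client
    return "continues"

if __name__ == "__main__":
    for name, ver in (("TLS 1.0", 0x0301), ("TLS 1.1", 0x0302), ("TLS 1.2", 0x0303)):
        print(name, "->", client_reaction(ver))
```

The rejected cases correspond to the situation in which the browser shows its error page; the exact error reason string depends on the TLS library the Python build links against.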


“As a user, you will have to actively initiate this override. But the override button offers you a choice. You can, of course, choose not to connect to sites that don’t offer you the best possible security,” Thyla van der Merwe, cryptography engineering manager at Mozilla, notes in a blog post.


Van der ..
