TLS use

fixit7 · Post by **fixit7** » June 18th, 2018, 9:36 am

If I have TLS 1.0,1.1, and 1.2 checked off, will my browser use the most secure version whenever it connnects?

Thanks.

frg · Post by **frg** » June 18th, 2018, 10:01 am

no. TLS 1.3 is disabled by default for now in SeaMonkey 2.49. Let TLS 1.1 and TLS 1.2 be checked.

fixit7 · Post by **fixit7** » June 18th, 2018, 12:58 pm

Thanks.

Post by **James** » June 18th, 2018, 2:33 pm

Firefox 59.0 and later supports TLS 1.3 though 60.0 has it enabled by default. https://www.mozilla.org/firefox/60.0/releasenotes/

Firefox has supported TLS 1.2 by default since Firefox 27.0 Release (Feb 4, 2014) (or any SeaMonkey using Gecko 27.0 or later) as per Bug#861266

therube · Post by **therube** » June 19th, 2018, 9:42 am

(Presumably) a browser will negotiate the highest security level available?

While you may not want to use a lessor level, there are still sites about that still don't support higher levels, so if you disable the lower levels, you also won't be able to load those sites. (If that is not a concern...)

Likewise, the number of sites supporting 1.3, the uptake of 1.3 would be limited at this time, so by not having it enabled, presently, isn't such a big concern. (And obviously that will change over time.)

Anonymosity · Post by **Anonymosity** » June 19th, 2018, 12:30 pm

If I set TLS max in about:config to 4 (which would be for 1.3), will SeaMonkey simply ignore that, or use 1.3?

frg · Post by **frg** » June 19th, 2018, 12:53 pm

It should work but I am not sure what was the cause leading to disabling it. We disabled it following Fx 52. I think at this time there was a potential security problem with it and not sure if code changed in later Gecko releases.

https://bugzilla.mozilla.org/show_bug.cgi?id=1342082
https://bugzilla.mozilla.org/show_bug.cgi?id=1342752

TLS use

TLS use

Re: TLS use

Re: TLS use

Re: TLS use

Re: TLS use

Re: TLS use

Re: TLS use