We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

TLS 1.0 and TLS 1.1 support

more options

Dear support team,

hope you are well in these difficult times. My question concerns the support of TLS 1.0 and 1.1. I have a rather old Netgear NAS within my network but it runs quite well. Access to it's web site requires one of the above TLS versions. Netgear has discontinued support for this device. I have found some web content which describes changing the TLS version in "about:config" of FireFox. Changing this parameter worked well already.

How long will Mozilla provide these configuration parameters "security.tls.version.max" and "security.tls.version.min" in "about:config"? If ending availability of older TLS versions in FireFox, I will not be able to run my NAS any more - a very expensive consequence I think (NAS migration).

Thanks a lot in advance, stay safe

Guenther Gredy

Dear support team, hope you are well in these difficult times. My question concerns the support of TLS 1.0 and 1.1. I have a rather old Netgear NAS within my network but it runs quite well. Access to it's web site requires one of the above TLS versions. Netgear has discontinued support for this device. I have found some web content which describes changing the TLS version in "about:config" of FireFox. Changing this parameter worked well already. How long will Mozilla provide these configuration parameters "security.tls.version.max" and "security.tls.version.min" in "about:config"? If ending availability of older TLS versions in FireFox, I will not be able to run my NAS any more - a very expensive consequence I think (NAS migration). Thanks a lot in advance, stay safe Guenther Gredy

All Replies (3)

more options

Note that there is also this pref to enable TLS 1.0 and 1.1 without the need to change the security.tls.version.min pref.

  • security.tls.version.enable-deprecated
more options

See also these bug reports.

  • Bug 1579285 - Offer to re-enable TLS 1.0 and 1.1 on TLS version failure
  • Bug 1590935 - Offer to re-enable TLS 1.0 on SSL_ERROR_PROTOCOL_VERSION_ALERT

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)

more options

Thank you very much for your answer, very helpful!

Will Mozilla keep these parameters and the related piece of TLS-code? As I understood that is a temporary solution. The answer to this question is very important concerning the migration strategy for my NAS.

Imagine the following use case. The parameter "security.tls.version.enable-deprecated" is set to "false" and there are three web sites, one with TLS 1.0, one with TLS 1.1 and the third with TLS 1.3. Does FireFox negotiate the highest possible security level individually with each web site? From my point of view this would be the most elegant long term strategy. A user has two possibilities: 1. Stay with the device because the manufacturer has stopped support and does not offer a TLS version migration (my situation); FireFox uses one of the older TLS versions. 2. Migrate the device's TLS version by updating it's firmware offered by the manufacturer; FireFox will use the most secure TLS version.

If this is already possible, I would appreciate giving me an example of how to configure the TLS related parameters in "about:config".

Thanks, BR Guenther