Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

more options

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

선택된 해결법

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (6)

more options

선택된 해결법

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min:

1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3

You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html


But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

more options

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

글쓴이 James 수정일시

more options

We have a patch to clean these up a bit. Should be clearer in the next policy update.

more options

jscher2000 - Support Volunteer said

The values you want are already the default values. Here are the valid values for security.tls.version.max and security.tls.version.min: 1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2 4 => TLS 1.3 You can verify the effect of changes using: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

But if you need to lock them:

For policies.json:

You need to use SSLVersionMax and SSLVersionMin as described on https://github.com/mozilla/policy-templates#sslversionmax

That is because the Preferences policy does not allow setting security.* preferences

General reference: Customize Firefox using policies.json

For Autoconfig:

Is your setup working at all -- the only problem is with the two preferences? See: Customize Firefox using AutoConfig

Thank you! That definitely makes sense then since that lines up with what I want. I do need to lock them, so I’ll use those two policies. It works when I use that site as well. As for Autoconfig, my setup is working aside from those two preferences, although they’re fine anyway as is.


James said

The TLS has been at minimum 1.2 since the Fx 78 Release. https://www.mozilla.org/firefox/78.0/releasenotes/
We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/


Whoops, thought this was a Thunderbird question at the time though the change of disabling TLS 1.0 and TLS 1.1 was made in Tb 78.0 also.

Oh okay that makes sense! It’s good that my TLS versions are working as expected then. Thank you!

Mike Kaply said

We have a patch to clean these up a bit. Should be clearer in the next policy update.

That’s good to hear. That’s a very helpful change for sure! Thank you!

more options

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.

  • lockPref(“security.tls.version.max”,”3”)
more options

cor-el said

Note that your question shows Unicode quotes (“;201c) and not normal quotes ("), so I'm not sure if this would work at all if you use this in the autoconfig.cfg file and not merely in your question.
  • lockPref(“security.tls.version.max”,”3”)

Oh okay that makes sense. I will change that to normal quotes then. Thank you!