As of Firefox 52 I intend to turn TLS 1.3 on by default. TLS 1.3 has been developed using the existing security.tls.version.max preference to control maximum version.

TLS 1.3 is the next version of TLS, the protocol that secures the web. TLS 1.3 removes old and unsafe cryptographic primitives, it is built using modern analytic techniques to be safer, it is always forward secure, it encrypts more data, and it is faster than TLS 1.2. TLS 1.3 also provides a 0-RTT mode which removes the round-trip of handshake latency. (We will not however enable 0-RTT as part of this change).

We intend to ship draft 16 of TLS 1.3 and update to 17 as we are able. Since this is a draft version of the spec going into an ESR release, we intend to disable the feature for the ESR.

TLS 1.3 has a number of measures that will ensure that we remain compatible with existing servers. We have tested for incompatibility and found no issues (though our tests are naturally limited).

We already have support for TLS 1.3 in developer tools and the UI.

We did not previously send an intent to implement. I’ve included relevant details in this mail.

Chrome Canary has TLS 1.3 support, but it is behind a flag. Also, Cloudflare support TLS 1.3 (by request only).

Bug to turn on by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1310516
Link to spec: https://tools.ietf.org/html/draft-ietf-tls-tls13-16

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform