TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the newest version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.
But that begs a question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.
For the benefit of search engines, the error reads
Secure Connection Failed.
An error occurred during a connection to [website name]. Peer using unsupported version of security protocol. Error code: SSL_ERROR_UNSUPPORTED_VERSION
The security protocol it refers to is TLS. There are three problems, however, with this Firefox error message.
For one thing, TLS 1.0 and 1.1, which the website is using, are indeed supported by Firefox; it's just that this particular instance of the browser was configured not to use them. And, annoyingly, the message does not say what unsupported version it encountered.
Finally, the bottom of the message is a trap. Specifically, the note that “It looks like your network security settings might be causing this. Do you want the default settings to be restored?” along with the blue “Restore default settings” button.
I consider this a trap because it resets Firefox to again accept the older, less secure TLS versions (1.0 and 1.1).
The screen shot is from Firefox version 54 on Windows; the error message on OS X is the same. On Android, however, Firefox 54 does not say that your network security settings are the issue and there is no button to restore the default settings.
VERIFYING THE TWEAK
You might go months before encountering a website that does not support TLS 1.2. In that case, how do you know the tweaking of Firefox really worked?
Visit the SSL Client Test site and the test runs automatically. Scroll down to the Protocols section. If the tweaking worked as expected, you should see a “Yes” for TLS 1.2 and a “No” for TLS 1.1, TLS 1.0, SSL 3 and SSL 2. That’s good Defensive Computing. It also reports on TLS 1.3, but as this version is still in draft mode, it can be ignored.
There are two test websites, one that only supports TLS version 1.1 and another that only supports version 1.0. They are
If you try to load these pages in a normal web browser, all is well. But try to load them in a copy of Firefox that has been restricted to TLS 1.2 and they fail.
Finally, is limiting Firefox to TLS 1.2 really worth the trouble?
Still to come: limiting Chrome and Internet Explorer to TLS 1.2, and doing the same with the Endless browser on iOS.
Get in touch with me privately by email at my full name at Gmail or publicly on Twitter at @defensivecomput.