intent to ship: disabling 3DES by default
45 views
Skip to first unread message
Dana Keeler
Aug 31, 2021, 3:40:06 PM8/31/21
to dev-pl...@lists.mozilla.org
It is long past time to disable 3DES ciphersuites. Chrome has already
done so as of version 93 [0]. Telemetry indicates 3DES [1] is used even
less often than deprecated versions of TLS [2]. Our approach to
deprecating 3DES is to only allow it to be enabled when deprecated
versions of TLS are also enabled. This will allow users who need to to
connect to old, un-upgradable devices that rely on TLS 1.0/3DES while
protecting the majority of users who require neither deprecated TLS nor
3DES ciphersuites.
This work was done in bug 1724072 [3] and is currently targeted to ship
in Firefox 93.
[0] https://www.chromestatus.com/feature/6678134168485888
[1] https://mzl.la/3gMiRN6 - see bucket 66
[2] https://mzl.la/3mPCCao - see buckets 1 and 2
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1724072
done so as of version 93 [0]. Telemetry indicates 3DES [1] is used even
less often than deprecated versions of TLS [2]. Our approach to
deprecating 3DES is to only allow it to be enabled when deprecated
versions of TLS are also enabled. This will allow users who need to to
connect to old, un-upgradable devices that rely on TLS 1.0/3DES while
protecting the majority of users who require neither deprecated TLS nor
3DES ciphersuites.
This work was done in bug 1724072 [3] and is currently targeted to ship
in Firefox 93.
[0] https://www.chromestatus.com/feature/6678134168485888
[1] https://mzl.la/3gMiRN6 - see bucket 66
[2] https://mzl.la/3mPCCao - see buckets 1 and 2
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1724072
Reply all
Reply to author
Forward
0 new messages