Intent to ship: TLS 1.3 draft

Martin Thomson

Oct 19, 2016, 7:49:43 PM
to dev-platform
As of Firefox 52 I intend to turn TLS 1.3 on by default. TLS 1.3 has
been developed using the existing security.tls.version.max preference
to control maximum version.

TLS 1.3 is the next version of TLS, the protocol that secures the web.
TLS 1.3 removes old and unsafe cryptographic primitives, it is built
using modern analytic techniques to be safer, it is always forward
secure, it encrypts more data, and it is faster than TLS 1.2. TLS 1.3
also provides a 0-RTT mode which removes the round-trip of handshake
latency. (We will not, however, enable 0-RTT as part of this change.)

We intend to ship draft 16 of TLS 1.3 and update to 17 as we are able.
Since this is a draft version of the spec going into an ESR release,
we intend to disable the feature for the ESR.

TLS 1.3 has a number of measures that will ensure that we remain
compatible with existing servers. We have tested for incompatibility
and found no issues (though our tests are naturally limited).

We already have support for TLS 1.3 in developer tools and the UI.

We did not previously send an intent to implement. I’ve included
relevant details in this mail.

Chrome Canary has TLS 1.3 support, but it is behind a flag. Also,
Cloudflare support TLS 1.3 (by request only).

Bug to turn on by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1310516

Link to spec: https://tools.ietf.org/html/draft-ietf-tls-tls13-16

Jeff....@kingsmountain.com

Oct 28, 2016, 1:40:15 PM
On Wednesday, October 19, 2016 at 4:49:43 PM UTC-7, Martin Thomson wrote:
>
> As of Firefox 52 I intend to turn TLS 1.3 on by default. ...
>
> ...
>
> ... Since this is a draft version of the spec going into an ESR release,
> we intend to disable the feature for the ESR.

Hm, is the below restatement of the above apparently conflicting statements correct?

TLS 1.3, draft -16, will be enabled by default in the regular
Firefox 52 release. Firefox 52 will also be available as an Extended
Support Release (ESR), which is made available separately. TLS 1.3
will be disabled by default in FF 52 ESR.


=JeffH

Eric Rescorla

Oct 28, 2016, 2:05:45 PM
to =JeffH, dev-platform
Yes.