Firefox 49 gets TLS 1.3 support - gHacks Tech News

Firefox 49 gets TLS 1.3 support

Mozilla implemented support for the security protocol TLS 1.3 in Firefox 49 recently.

TLS 1.3 is the most recent version of TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer). TLS is a cryptographic protocol used to improve communications security on the Internet.

Most Internet users come in contact with TLS when browsing the web (when they connect to HTTPS websites), or when they setup email accounts manually. The protocol is used for other activities such as instant messaging or voice over IP however.

TLS 1.3 has been published as a draft in early 2016 which means that specifications may change before it is officially unveiled.

The new protocol version includes new features and security improvements, for instance the removal of weak functions.

Firefox 49 TLS 1.3

firefox tls 1.3

Mozilla added support for TLS 1.3 in Firefox 49. It needs to be noted that Firefox 49 is the target version, but that things may change along the way that delay the implementation so that it won't be available in Firefox 49 Stable after all.

For now though, Firefox 49 is the target milestone for the feature.

TLS 1.3 is not enabled by default currently, and Firefox users who want to enable it need to change a parameter in Firefox before it can be used.

This is mostly useful for developers currently who want to test the implementation on web servers they run, as the majority of sites and services that use HTTPS are not supporting TLS 1.3 publicly yet.

To enable the feature in Firefox, do the following:

  1. Type about:config in the browser's address bar and hit enter.
  2. Confirm that you will be careful if the prompt appears.
  3. Search for the parameter security.tls.version.max.
  4. Double-click on it, and change its value to 4.

This sets the maximum supported SSL/TLS version to 1.3. Please check out our TLS guide if you are interested in the parameter, and its sister-parameter security.tls.version.min.

Most SSL test services on the Internet don't support TLS 1.3 yet. In fact, some may even display that the browser is supporting an unknown version of TLS.

tls 13

Additionally, some sites may be broken if TLS 1.3 is enabled. Check out the broken sites text document on the Bugzilla bug listing for a list of sites that won't work currently when you enable TLS 1.3 in Firefox.

Enabling TLS 1.3 support in Firefox is important but it will take time before servers on the Internet adopt the new version. (via Sören)

Summary
Firefox 49 gets TLS 1.3 support
Article Name
Firefox 49 gets TLS 1.3 support
Description
Mozilla implemented support for the security protocol TLS 1.3 in Firefox 49 recently, and plans to launch support in Firefox 49 Stable officially.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Fred said on June 22, 2016 at 3:11 pm
    Reply

    Is it possible to enable TLS 1.3 in the current version of Palemoon, namely vession 26.3.0, dated 2016-06-21?

    1. Martin Brinkmann said on June 22, 2016 at 3:44 pm
      Reply

      I have not tried, but I doubt it. Will probable be integrated at a later point in time.

    2. Sören Hentzschel said on June 22, 2016 at 7:02 pm
      Reply

      Palemoon 26.3 uses NSS 3.19, TLS 1.3 was first implemented in NSS 3.23 and improved in NSS 3.24, so no, Palemoon 26.3 does not support TLS 1.3.

  2. Fred said on June 22, 2016 at 4:09 pm
    Reply

    Thank you. That was my view. Even in Firefox, it is something, which only has a limited degree of usefulness at the moment. Few sites use it. Alarmingly, there are still even many sites, which still use obsolete ciphers with even TLS 1.2.

  3. Fred said on June 22, 2016 at 11:46 pm
    Reply

    Thank you.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.