back to article These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it

Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 – and plans to eventually block those weak HTTPS connections entirely. We have been hearing about issues with TLS 1.0 and 1.1 for some time. Web servers should really be using TLS 1.2 or 1.3 for their …

  1. RM Myers
    FAIL

    "We decided on a global fallback"

    Great - I wonder how many older embedded webservers on local networks (routers, smart TV's, cable modems, etc) will be updated from TLS 1.0 or 1.1? I'm guessing ZERO - which means you either lose access to device settings, have to fiddle with a global firefox setting every time, or you allow TLS 1.0 on any webserver on the internet. Thanks Mozilla.

    Guess I will need to use Chrome to access these devices. Oh wait, ..

    1. katrinab Silver badge

      Re: "We decided on a global fallback"

      Most of them are http only? They are usually accessed by IP address, and you can't get a certificate for that.

      1. RM Myers

        Re: "We decided on a global fallback"

        Some are, some aren't, and some allow you to change from HTTP to HTTPS.

      2. LDS Silver badge

        Re: "We decided on a global fallback"

        Actually, you can have certificates of IP addresses too. Subject alternative names can contain IP addresses as well. Probably no "root" CA will ever release a certificate with an IP especially when you don't own (fully, i.e. like Apple) that IP address. But if you have an internal CA, and control your own internal address space, you can issue certificates with IP as well. I do - for devices for which I need to access even when the DNS system is down.

        Moreover usually people access devices by IP because they don't have a working name resolution system - but many devices do allow using HTTPS.

      3. Anonymous Coward
        Anonymous Coward

        Re: "We decided on a global fallback"

        They are usually accessed by IP address, and you can't get a certificate for that.

        Partially correct. You can get publicly trusted certificates for a public IP address, but not for a reserved i.e. private IP address (and any public certificates that were issued for reserved IP addresses were revoked around a decade ago IIRC.)

        If you need a certificate for a reserved IP address for your own internal network, you can set up your own certificate authority (e.g. Active Directory Certificate Services if you're of a windows persuasion) and bake your own.

      4. DrXym Silver badge

        Re: "We decided on a global fallback"

        You can get certs that work for IP addresses. Of course a secondary problem is that certs expire too and many embedded devices might even use self signed certs or certs signed by other certs which aren't in the browser's trusted certs list.

    2. Anonymous Coward
      Anonymous Coward

      @RM Myers - Re: "We decided on a global fallback"

      Consider yourself lucky if those developer-gods will allow you to fiddle your way into that old device that you have to administer.

      So many times I was forced to dig into the Internet scrapyard to get an old enough version of Firefox that would allow me to continue doing my job! Same goes for Java JRE that would happily lock me out from management interfaces of old equipment.

      Memo to those programmers from Mozilla: there are people actually trying to do their job who deeply hate when a browser stands in their way.

      1. Halfmad Silver badge

        Re: @RM Myers - "We decided on a global fallback"

        I don't think they care, browsers are increasingly aiming at home users now IMHO.

        1. LDS Silver badge

          "browsers are increasingly aiming"

          At just being endpoints to let Internet Molochs make money. And they are those who pay for browser development....

    3. Snake Silver badge

      Re: "We decided on a global fallback"

      And this is the perfect example of why the world is what it is today: BROKEN. A better option was available - per-site exception - but that's not what was implemented. Someone decided 'Taking the global route is much easier to implement, as that's our decision', and forced it down the pike to the end users with no alternative given.

      All or nothing, our way or no way at all.

      It is a perfect reflection of modern society and why the individuals who make up today's society feel less and less hope, less and less in control of their own lives, and less and less inspired to get up and get involved in processes, from political to technical. "We're all doomed"...because some high-end twat at management level makes a declaration from on high, regardless of the impact on the people actually affected, and that's that.

      Instead of leading the way with user options, Firefox's programmers as usual made a unilateral declaration and now it's up to us to accept and swallow it, or take the only other alternative of moving to a different product. Even for those of us NOT interested in moving to a different product. Firefox's market is shrinking so let's make more choices that may put off users, rather than listen to years of complaints and stop doing things without user feedback!

      We are, indeed, all doomed. The dumb fscks of this world have apparently put themselves into all the positions of power; the Leyland curse has spread globally.

      1. ScrappyLaptop

        Re: "We decided on a global fallback"

        Call me woefully uninformed but who or what is Leyland besides the company that bought up all those great old crappy British car brands shortly before most of them died of poor quality, unleaded gas and safety & emissions regulations?

        1. John Jennings

          Re: "We decided on a global fallback"

          Precisely that. He seems to be equating their failure with the management (rather than that and the insane communist tenancies that existed within the workforce).

          Management was by the very committees and central planning that he seems to want earlier in the post.

        2. Dave559

          Re: Leyland

          That has made me think that, somewhere in a parallel universe, there must exist the Leyland-Matsui corporation, which makes spaceships that are even rustier than the Nostromo, equipped with electronics kit that requires even more in the way of regular percussive maintenance...

      2. John Jennings

        Re: "We decided on a global fallback"

        You can contribute to the discusion - in the appropriate place. Bitching on ElReg isnt it.

        I would humbly submit that your whine here, (even though you are not interested in changing, so they must be doing something right) is more the reflection of modern society you decry - where you want something for no (apparent) cost, and whinge when you dont have the specific option to suit you personal preferance!

        Developers need to make decisions - or change doesn't happen.

        Firefox development (and OS in general) isnt some 1970's style collective of comrades developing under a vote for every design line. If it were, you would have truly beautiful code - that could barely render HTML.

        1. Roland6 Silver badge

          Re: "We decided on a global fallback"

          >Developers need to make decisions - or change doesn't happen.

          The question is are they making the correct decisions...

          I can see the rationale for the out-of-the-box configuration and download, as used by most of Joe Public to be updated and for that version to have 'legacy' stuff depreciated, given this will largely be used on the public Internet. However, I question the way the developers have decided to depreciate legacy TLS support, there are much better ways than the one they have chosen.

    4. HildyJ Silver badge
      Holmes

      Re: "We decided on a global fallback"

      Why not complain about the older embedded web servers? They are claiming security without providing it. They should be updated to use current security protocols or HTTP.

      I heard the same thing when browsers stopped supporting Flash Player.

      1. Anonymous Coward
        Anonymous Coward

        @HildyJ - Re: "We decided on a global fallback"

        You don't seem to be working in a production environment of a medium/large company, do you ?

        1. HildyJ Silver badge
          Unhappy

          Re: @HildyJ - "We decided on a global fallback"

          Actually, I don't work at all. But I have worked for mid and large sized companies that transitioned from stand-alone Wang word processors to Windows 3.1 PCs and from CICS terminals to those PCs. I worked onY2K where we fixed the programs and the databases. I've never done 3.1 to XP but I did work on XP to 7 to 8. I was out of IT when the company went from 8 to 10 but I was managing the contractors who had to upgrade their applications to handle it. Admittedly I've never worked in a Linux shop but I have worked in a Unix shop and, very long ago, an OS/2 shop. What I've never done is work for a company that let the accountants make the IT decisions.

          1. LDS Silver badge
            Facepalm

            Re: @HildyJ - "We decided on a global fallback"

            It looks you never worked on network and system devices - it's a while most of them are browser based for management and monitoring (plus - but not always - a CLI, but some tasks are simpler via the UI) - and many of them won't see upgrades to their firmware to support newer TLS standards.

            Most of them are not internet facing, and many may even be on separate management VLANs.

            There could also be a lot of SOHO gear which may not longer be accessible. Many "smart managed" switches may have a web interface but not a CLI.

            One solution would be to revert to plain HTTP when possible. Is that what Mozilla wants?

          2. Anonymous Coward
            Anonymous Coward

            Re: @HildyJ - "We decided on a global fallback"

            No, its usually the CEO and his golfing buddies, or at least it was when I workd for a Fortune 5 company.

          3. BinkyTheMagicPaperclip Silver badge

            Re: @HildyJ - "We decided on a global fallback"

            When you've got 500 terminals that only support TLS 1.0, and the cost to replace them is something approaching £2000 each, I look forward to the complete lack of accountancy input in the decision to drop well over a million pounds in replacing your infrastructure.

    5. phuzz Silver badge

      Re: "We decided on a global fallback"

      As an example, older APC power distribution units like the AP7921 have a web interface that can only do up to SSL3.0. So my only choice is to either leave them http only, or keep an old copy of IE around to access them. Because yes, I have almost locked myself out of them before by enabling HTTPS. Ours are on a separate management network though, so we can leave them on http only without worrying too much.

      (Here's the list of ciphers it supports, read it and weep: DES [56 bit], RC4_MD5 [128 bit], RC4_SHA [128 bit], 3DES [168 bit])

      1. Anonymous Coward
        Anonymous Coward

        Re: "We decided on a global fallback"

        Common problem that is either not understood or simply ignored by the idiots "in charge" of browers who seem to believe the mantra that no encryption is somehow better than weak encryption.

        Bunch of idiotic unprofessional wasters the lot of them.

  2. JohnFen Silver badge

    Evenhandedness

    Since I admonish Google for being heavy-handed in similar ways, I'll admonish Mozilla as well. It is not the web browser's role to decide what is or is not acceptable, and I resent it when they do.

    Fortunately, I use neither Chrome/Chromium nor the "modern" Firefox (in small part because of this sort of nonsense), so this won't affect me. But it irks me just the same.

    1. John Jennings

      Re: Evenhandedness

      The problem is that most admins of those servers either dont give a damn or their managers dont give a damn. 'Just works well enough' is all that they are interested in.

      It is all very well saying that they should care - but even blue chip companies dont really.

      They do care when it doesnt work any more. And the only way to force that is to break the servers at the browser.

      Sorry - but its how social inertia works.

      1. JohnFen Silver badge

        Re: Evenhandedness

        > The problem is that most admins of those servers either dont give a damn or their managers dont give a damn

        I understand. I don't think that fact justifies these sorts of actions.

        > And the only way to force that is to break the servers at the browser.

        So don't force it. The browsers breaking shit just to force the hand of others is unacceptable.

  3. Bronek Kozicki Silver badge
    Thumb Up

    Good

    I do realize it is controversial, but known insecurity is better than an illusion of security.

    1. LDS Silver badge

      Re: Good

      That's a Manichean approach. Are there easy attacks against TLS 1.0 and 1.1 which makes them just an "illusion" comparable of no security at all?

      The seat belts in your car are less secure than the seat belts in a F1 car. Should you avoid to use them because of that? Should you leave you house open because a good thief can bypass your lock?

      1. MiguelC Silver badge

        Re: Are there easy attacks against TLS 1.0 and 1.1 (...)??

        Short answer is yes

        1. Roland6 Silver badge

          Re: Are there easy attacks against TLS 1.0 and 1.1 (...)??

          >Short answer is yes

          Depends on your definition of 'easy'...

          Compared to using network analyzers like wireshark to simply sniff unencrypted packets and reading credentials etc. directly off the screen, none of the attacks against TLS 1.n are easy, they all require some forethought and the laying of a trap.

          Sometimes security only needs to be good enough to act as a deterrent...

        2. LDS Silver badge

          Re: Are there easy attacks against TLS 1.0 and 1.1 (...)??

          None of them are easy enough to give an 'illusion' of security, as the site itself notes. Do you believe using plain HTTP is better?

          Browsers can block downgrades and make exception valid per site only, even, as others pointed out, only for the lan reserved ip addresses.

      2. Anonymous Coward
        Anonymous Coward

        Re: Good

        "The seat belts in your car are less secure than the seat belts in a F1 car. Should you avoid to use them because of that?"

        To continue your car metaphor, this is like airbags being mandatory in modern cars, even though the Model T didn't even have seatbelts.

  4. Drefsab_UK

    Good

    For all those skating them for this I applaud them, the standards for security evolve hell all the estate I look after have been tls 1.2 for years now. But to many sys admins are lazy when it comes to patching and keeping up to date. The average Joe doesnt know the the different between tls v1.3 using ECDH chacha ciphers and ssl v3 using rc4. But there's a world of difference and when some old granny gets her details compromised on a site and she says but the padlock was in the top bar it should be secure it's the browsers that will get blamed.

    You should be telling the users if a sites not secure etc. You should be protecting users who don't understand. Giving a false illusion of protection is worse than no protection etc.

    If you work in in or are a dev then you are not an average Joe, you should be able to use older version or use the override flags in the browser or setup a work around I personally use haproxy as a dmz in the vlan old devices are in (ilo's and such), I terminate tls v1.3 to that then it's backends speak to the devices on what ever protocol they support.

    1. Anonymous Coward
      Anonymous Coward

      @Drefsab_UK - Re: Good

      Sorry to bring this to you but I don't care about average Joe. It's his computer, his problem. What we're bitching here is the "I'm afraid I can't do that, Dave!" when I have important work to do.

      1. John Jennings

        Re: @Drefsab_UK - Good

        Why?

        Your supplier/vendor in the supply chain will have to fix it- they wont until they have to.

        OR your teams that you are supporting who are using the old protocols are not re-enginerring themselves to the vendor/suppliers new product - usually because its 'inconvenient' (which is often wrapped in 'its not possible').

        OR your policy says that connection to X for purpose Y must be encrypted (usually for some external compliance piece like PCI) and now it is being exposed that it isnt, so you need to find a 'better' solution.

        Use IE11 if you are stuck - keep Firefox for the day to day stuff.

        1. LDS Silver badge

          "Your supplier/vendor in the supply chain will have to fix it"

          No, your vendor/supplier will want to sell you a whole new device because it won't fix it.

          And we get back to yesterday article about sending perfectly working hardware to the junk yard just because....

          1. Loyal Commenter Silver badge

            Re: "Your supplier/vendor in the supply chain will have to fix it"

            No, your vendor or supplier will not get the new sale, another vendor or supplier who sells gear that is patchable and has a reasonable length support lifetime will get the new sale, and you will get a lesson in why the cheapest option is not always the best.

      2. Drefsab_UK

        Re: @Drefsab_UK - Good

        Then your not the average user and can either take the time to set the browser to allow it, update your infrastructure or put in a technical work around. Browser vendors should not just make things easier for those to lazy to do anything about piss poor security.

        Browsers forcing people to address poor security is nothing but a good thing.

        If you can't be bothered to learn how to enable weak protocols on the browser (it's just a setting takes 30 seconds to do) or bothered updating your infrastructure then your part of the problem that the browsers want to warn people about. This site can't be bothered to do security properly use at your own risk.

    2. Dave K Silver badge

      Re: Good

      I have no problem with flagging it up. That's fine. The problems are firstly that it is a global override (enable for one site and the shaming stops), and that they will soon remove altogether. It should be overridden by site. Plus when they remove it altogether it will cause problems for accessing old, internal systems that use these older encryption methods and which cannot feasibly be updated. Really looking forward to using an outdated portable browser for those said pretty much no admin ever...

      1. Drefsab_UK

        Re: Good

        Agreed the override should be per site not global.

      2. mark l 2 Silver badge

        Re: Good

        It does seem strange that Mozilla are trying to protect users from insecure versions of TLS but then have a global override to switch off the warning.

        I really hope they reconsider that option to being on a per site basis, and they should really continue to offer it as a future option in the browser, even if it has to be manually switched on from the settings so your average joe public doesn't go clicking yes to everything that pops up on the screen.

  5. tip pc Bronze badge

    Permit week TLS to rfc1918

    Hardening security is great but would be better if they permitted lesser encryption to rfc 1918 address so we could keep administering our ancient but still live and still production kit.

    1. Anonymous Coward
      Anonymous Coward

      Re: Permit week TLS to rfc1918

      Just being allowed to get to a local device without the ***ing browser insisting that the certificate is bad because it's not signed by one of the current "allowed" list would be great.

      Why the F should I care if it's got a self signed certificate for the IP address?

      Without a "subject ALTERNATE name"!

      1. Bronek Kozicki Silver badge
        Paris Hilton

        Re: Permit week TLS to rfc1918

        I think most browsers support "security exceptions" for this, am I right?

  6. IGotOut

    Just do what I used to do

    Use an older portable browser and never let it upgrade. Then when stuck, use that rather than a more secure and up to date version

    1. Yes Me Silver badge

      Re: Just do what I used to do

      Yes. I'm happy with FF 71.0 and updates disabled. Everything since that version has been really annoying.

  7. LateAgain

    “unlikely event that admins have neglected to upgrade web servers”

    Don't tell me. Tell the hardware providers that stopped providing firmware updates years ago.

    1. Loyal Commenter Silver badge

      Re: “unlikely event that admins have neglected to upgrade web servers”

      If your hardware uses TLS 1.1 (or worse TLS 1.0, or even SSL3) and they haven't provided a firmware upgrade to fix it (and it is a fix, because those are vulnerabilities) then you should seriously be considering replacing that hardware, especially if it is in an enterprise environment. Attacks can, and do, come from within the corporate environment, and if you're using unsupported gear (such as switches, firewall devices, et al) then you have a vulnerability that should be fixed. End of.

      Going from memory, the vulnerability in TLS 1.1 is currently theoretical, but could become a real threat in 5-10 years, the flaw in TLS 1.0 is exploitable by a determined attacker to e.g. hijack SSL sessions, and SSL3 is practically exploitable with a RaspPi.

  8. Mike 16 Silver badge

    Cognitive dissonance

    Let's parse this:

    ----

    Thyla van der Merwe, cryptography engineering manager at Mozilla, said: "We plan to keep the override button for now; the telemetry we're collecting will tell us more about how often this button is used. These results will then inform our decision regarding when to remove the button entirely.

    ----

    So, collecting telemetry to see how often the override button is pressed, _but_ also making that button-press a one-shot global (per browser) thing, so that telemetry will only ever see a single button press per browser instance, probably wildly under counting button presses. In other words, throw out the very data that would enable a rational, evidence based decision, so we can count to 42 and proceed to do what we intended to do all along. Note that this is nominally an _engineer_ making that statement.Thankfully not a nuclear engineer or architect of major bridges.

    This may be a correct decision, but the effort put into making the decision process flawed does not suggest that conclusion.

    I used to think that _if_ we ever started to teach critical thinking skills to teenagers and below, after 20 or so years we might have people in power who knew how to make rational decisions. I think that ship (Vasa?) has sailed.

  9. wolfetone

    I bet in some future updates of Firefox and Chrome, they'll automatically furnish you with some sort of contraception when you attempt some love making with your significant other/significant investment as well.

    1. Anonymous Coward
      Anonymous Coward

      It's more like, if you choose to use it anyway, they're making sure it doesn't have holes in it.

      1. Anonymous Coward
        Anonymous Coward

        Ask it for a condom, it books you in for a vasectomy.

  10. adam 40 Bronze badge

    I hate browser fascism

    It's either websites telling me what browser I must use as older ones are "unsupported", or browsers telling me which websites I can use.

    I am thinking it's about time for me to build my own from source, and then I can put whatever ID string in it to fool the websites.

    After all, I regard the whole lot as intrinsically unsafe, and keep the various browsers being used for "different things" and different laptops/phones firewalled from each other already.

  11. DrXym Silver badge

    Should be a per site setting

    Somebody might want to whitelist one site which has reasons for not upgrading while seeing a warning for others. Not a global on/off switch.

  12. kmedcalf

    Idiots

    Firefox already has settings for the minimum and maximum version. They just need to add another one for the nagme version. Then the only thing that needs to change is that if the TLS version is allowed and the version is less or equal to the "nagme" version, then with a silly "This connection is wanting to use TLS or SSL version, do you want to continue?"

    The values of course are 0 for SSL3, 1 for TLS 1.0, 2 for TLS 1.1, 3 for TLS 1.2, and 4 for TLS 1.3

    The settings strings are of course: tls.version.max and tls.version.min so you would just need to add a tls.version.nag setting. Then with one simple change you can do all of the above with no bother, no muss, and no fuss (and still be entirely configurable).

    tls.version.min = 1

    tls.version.max = 4

    is like it is now, allow tls 1.0 through tls 1.3

    add a setting

    tls.version.nag = 2

    so that you get nag messages at or below tls 2.0

    and change

    tls.version.min = 3

    to not allow versions of tls other than 1.2 or 1.3

    No muss, no fuss, no bother, and if you have turned off "remote settings diddling" then there is absolutely no impact whatsoever because you will have already prohibited Mozilla from diddling with your settings.

  13. Mike 137 Silver badge

    Here we go again

    Once again an arrogant software developer decides it must dictate how we, its users, operate. Why should they be responsible for our "security"? Surely it's up to us. If I want to use an aged and (supposedly) insecure browser, that's entirely my business, and I might have a very good reason to do so, even if it's beyond the comprehension of the vendors.

    I suspect however that keeping us attuned to churn is a more significant motivation than nannying our security, as the entire industry relies on forced obsolescence to stay in business and the open source community is increasingly infected by the same mind set.

  14. B.D.

    I'm still working through tweaking FF,

    Excuse my brainfart, (having not gotten to forcing SSL versions), Other than the tls.version.nag, Are your settings currently supported? I'm still using 68.3.0.

    Thx, B D.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020