XUL staff client does not support TLS above 1.0
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Opening this bug for documentation purposes.
The version of XULRunner used by Evergreen (version 14) supports TLS version 1.0, but not versions 1.1 or 1.2. TLS version 1.0 is effectively deprecated. For example, it's no longer considered sufficient for PCI compliance:
For reference, support for later versions was added to FF/XUL as part of this bug: https:/
You can test this by modifying (on Ubuntu) /etc/apache2/
SSLProtocol TLSv1.1 TLSv1.2
Once done, if you connect with the XUL client, it will report "There was an error testing this hostname". Adding an SSL Exception is not an option.
We are of course already working to move away from XULRunner. I'm documenting this issue as one more reason it's important to continue this effort with all due haste. Also, someone may point out that I'm wrong and that there is in fact a way to resolve this issue while we are still using XULRunner.
Changed in evergreen: | |
status: | New → Won't Fix |