Understanding TLS Changes in Firefox 37
Can someone point me to a document that clearly explains what changes were made in Firefox 37 with respect to TLS? The only thing I can find in the release notes is "Disabled insecure TLS version fallback for site security". I find reference to a Bugzilla, but there are pages of discussions and no clear statement of what has changed. Many web sites have reported that TLS 1.0 was disabled by default and we found one of our web sites that only supports TLS 1.0 was impacted, but another one that only supports TLS 1.0 works just fine. So, it would be helpful to find an authoritative post that sheds light so we can resolve issues relating to Firefox and our applications. Otherwise the only guidance is to use IE. 8-(
All Replies (4)
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Run your website through https://www.ssllabs.com/ and you can see all security issues that need to be fixed.
Hi, see also specific for 37 : http://bitsup.blogspot.de/2015/03/opportunistic-encryption-for-firefox.html
thanks
Actually OE was disabled in 37.0.1 due to a bug.