Earlier this month, Mozilla rolled out Firefox 74, the latest version of its popular open source web browser. As we reported at the time, the company removed TLS 1.0 and 1.1 support from the browser. Under the change, admins accessing the utilities would be greeted with a “Secure Connection Failed” error.
However, it seems Mozilla has decided to reverse its decision. TLS 1.0 and 1.1 are back in Firefox 74. If you're unfamiliar with TLS, it is a cryptographic protocol that gives you that little green padlock in your browser bar.
Version 1 of the protocol contains a flaw that lets attackers downgrade a user's connection to SSL 3.0 to weaken it, and TLS 1.2 and above generally provide much better security. As such, Mozilla removed support for the older versions, effectively pushing admins to update to the newer builds.
However, the company now says the burden on admins during the ongoing COVID-19 pandemic means they may not have time to jump to TLS 1.2 or 1.3. Because of this, Firefox 74 now supports the older versions of the protocol again.
“We reverted the change for an undetermined amount of time to better enable access to critical government sites sharing COVID19 information,” Mozilla explains in the official release notes.
The company alludes to governments in that message. It seems government use is a driver behind the decision to reinstate TLS 1.0 and 1.1. Many government websites still run the older versions of TLS. These websites have become hugely important in providing information regarding the COVID-19 outbreak.
However, Mozilla is only re-introducing TLS 1.0 and 1.1 temporarily. In other words, the company will end support again at some point. That could be months away, considering forecasts for the length of time the coronavirus will affect day-to-day life.
Mozilla also added the older TLS versions back into the Firefox beta version.
“Mozilla is going to temporarily re-enable the TLS 1.0/1.1 support in Firefox 74 and 75 Beta. The preference change will be remotely applied to Firefox 74, which has already been shipped. This is because many people are currently forced to work at home and relying on online tools amid the novel coronavirus (COVID-19) outbreak. But some of critical government sites still don't support TLS 1.2 yet,” Mozilla says.