Bug 1579270 - Disable TLS 1.0 and TLS 1.1 in Nightly, r=jcj

This flips the default for security.tls.version.min to 3 (TLS 1.2) for the Nightly channel. Having had this pref at this level for the last year, I can confirm that this does break the occasional site, but it is quite rare. The intent of this change is to start making it more obvious when sites don't support TLS 1.2. I'm asking for wider review because this is a disruptive change. Differential Revision: https://phabricator.services.mozilla.com/D45627 --HG-- extra : moz-landing-system : lando
2019-09-16 23:14:55 +00:00 · 2019-09-16 23:14:55 +00:00 · 1f46c9a2b1
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -19,7 +19,11 @@
 // improves readability, particular for conditional blocks that exceed a single
 // screen.

-pref("security.tls.version.min", 1);
+#ifdef RELEASE_OR_BETA
+  pref("security.tls.version.min", 1);
+#else
+  pref("security.tls.version.min", 3);
+#endif
 pref("security.tls.version.max", 4);
 pref("security.tls.version.fallback-limit", 4);
 pref("security.tls.insecure_fallback_hosts", "");