MozillaZine

Firefox 52ESR and Paypal

Discussion of general topics about Mozilla Firefox
85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 8th, 2018, 9:11 am

What is the non esr equivalent of Firefox 52ESR ? ? Paypal site is making some changes at end of June 2018
and some browsers may or may not work. Also what level of security does Firefox 52ESR (latest version) support
as far TLS or SSL encryption ? ? ?

Thanks

makaiguy

User avatar
 
Posts: 16623
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted June 8th, 2018, 11:17 am

Paypal announced over a year ago that they will require HTTP 1.1 and TLS 1.2. Looks like they are going to start enforcing this this month (June 2018).

Firefox for some time now has used HTTP version 1.1 as default. To check yours:

Enter about:config in the Address/URL bar.
Press the big button to bypass the warning (if you haven't turned this off already).
Enter http.version in the Filter bar to limit display to just options containing 'http.version'.
Check the value shown for network.http.version.
If it's not 1.1 double-click on network.http.version and change it to 1.1.

Likewise, while in about:config:
Enter tls.version in the Filter bar.
Check the value shown for security.tls.version.max -- it must be 3 to connect to secure servers using TLS 1.2.

Also check the value shown for security.tls.version.min -- it should be set to a lower value than 3 so you can still negotiate a secure connection on those sites not yet using TLS 1.2. Many sites still use TLS 1.1 (a setting of 2), but you may run into some still on TLS 1.0 (setting of 1).
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF 52.9.0 ESR (64bit), TB 52.9.1(32bit) ║ Android 8.0/7.1.1: FF 60.0.2 No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 8th, 2018, 12:22 pm

okay ... security.tls.version.max was already at 3 ... security.tls.version.min was already at 1
and network.http.version was already at 1.1 ... so it seems I am okay .. this firefox 52.8.0ESR
I was wondering if there are upcoming changes to security that 52ESR (latest version) when it
comes out will be able to handle them.

James
Moderator

User avatar
 
Posts: 27352
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted June 8th, 2018, 2:05 pm

PayPal is looking for Firefox 49.0 and later. https://www.paypal.com/us/smarthelp/article/how-do-i-check-and-update-my-web-browser-faq3893

Firefox has supported TLS 1.2 by default since Firefox 27.0 Release (Feb 4, 2014) (or any SeaMonkey using Gecko 27.0 or later) as per Bug#861266

From Firefox 60 Release Notes:
On-by-default support for draft-23 of the TLS 1.3 specification


There are TLS settings prefs on the about:config page that specify the minimum and maximum TLS version.

security.tls.version.min = 1
security.tls.version.max = 4
1 means TLS 1.0
2 means TLS 1.1
3 means TLS 1.2 (default for max as of 27 to 59)
4 means TLS 1.3 (default for max as of 60)

http://kb.mozillazine.org/security.tls.version.*


85rx-7se wrote:I was wondering if there are upcoming changes to security that 52ESR (latest version) when it
comes out will be able to handle them.

Nothing to update for Firefox 52 ESR in this case and the legacy 52 ESR is almost EOL. The 52.9.0 ESR will be the last major update and may get minor updates for security and allowed stability as needed until Sept 5 when 60.2.0esr is Released and 52 ESR is made EOL.

85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 8th, 2018, 2:46 pm

So should we set security.tls.version.max to "4" in Firefox 52.8.0ESR or will it be set that way by default when 52.9.0ESR comes out ? ?

James
Moderator

User avatar
 
Posts: 27352
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted June 8th, 2018, 3:13 pm

No need to toggle the security.tls.version.max as 52 ESR supports TLS 1.2 already as PayPal needs 1.1 at minimum. Setting it to 4 may not actually work in fully supporting TLS 1.3.

Besides Firefox 59.0 may be the oldest Release to support TLS 1.3

ESR or Extended Support Release is all about stability and not features so I doubt Mozilla will back port TLS 1.3 support for just 52.9.x ESR that will soon be EOL.


For reading only as the general issues tracker Bugzilla is Not a discussion forum.

Gradual roll-out of TLS 1.3 on release channel (59)
https://bugzilla.mozilla.org/show_bug.cgi?id=1442042#c62


Not sure if it is actually fully supporting TLS 1.3 but I changed security.tls.version.max to 4 in my Firefox 52.7.3esr install (from Mozilla) and https://www.ssllabs.com/ssltest/viewMyClient.html at least thinks my Firefox 52.7.3esr supports TLS 1.3.

85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 9th, 2018, 4:30 am

I just made that change and it also now shows TLS 1.3 .. SSL was the old way, correct ?
And just for info: Firefox is now at 52.8.1 ESR version

James
Moderator

User avatar
 
Posts: 27352
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted June 9th, 2018, 1:49 pm

SSLv3 is no longer secure and was disabled by default in Firefox since 34.0 https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

I know what version the legacy Firefox 52 ESR and the current 60.0 ESR (60.0.2esr) are at https://www.mozilla.org/firefox/organizations/ as I was just testing it. I only use the 52 ESR for to download with DownThemAll extension as the same download sites tends to not download nearly as fast if I just download in browser.

The legacy 52 ESR is almost EOL as 52.9.0 esr out on June 26 will be the last majo9r update apart from any 52.9.x esr minor updates for security and or allowed stability fixes as it will be EOL on Sept 5 when 60.2.0esr is Released.

85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 9th, 2018, 2:22 pm

I will stay on 52.9.0ESR after it comes out. My old XP P4 is 32 bit and newer releases will not run on it. I may add Opera 36 to that box as well as a secondary if I need to use it. I really do not need a 64 bit web browser.

Frank Lion

User avatar
 
Posts: 20035
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted June 9th, 2018, 3:41 pm

James wrote:No need to toggle the security.tls.version.max as 52 ESR supports TLS 1.2 already as PayPal needs 1.1 at minimum. Setting it to 4 may not actually work in fully supporting TLS 1.3.

Besides Firefox 59.0 may be the oldest Release to support TLS 1.3

SeaMonkey 2.49.3 supports TLS 1.3 if max=4. The Firefox equivalent is v.52, I seem to recall.

85rx-7se wrote:I will stay on 52.9.0ESR after it comes out. My old XP P4 is 32 bit and newer releases will not run on it. I may add Opera 36 to that box as well as a secondary if I need to use it. I really do not need a 64 bit web browser.

Thanks for sharing.
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

Brummelchen
 
Posts: 3578
Joined: March 19th, 2005, 10:51 am

Post Posted June 10th, 2018, 2:33 am

i wont change any until it hits the browser. but good to know when upcoming
My old XP P4 is 32 bit

the P4 is capable to run Windows 7/8/10 depending on its release date (2001-2005), the latest P4 offers HT.

85rx-7se
 
Posts: 247
Joined: March 10th, 2006, 12:41 pm

Post Posted June 10th, 2018, 4:12 am

Yes, but my old Dell Dimension 8200 can only take 2GB of RAM (which it does have) and can not run 64 bit OS as they need more than that.
2GB would work for Windows 7 (which I have a copy of Win 7 Ultimate (legit) which at some point I may try to dual boot XP PRO and Windows 7 then gradually start to move programs over to it. Another option is to upgrade in place to Vista, then upgrade in place to Windows 7, then it could go to Windows 10 32 as an in place upgrade. But problems may arise doing it that way. Or maybe I will try to partition the drive and dual boot XP and Windows 10 32 Bit

Frank Lion

User avatar
 
Posts: 20035
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted June 10th, 2018, 5:17 am

85rx-7se wrote:Yes, but my old Dell Dimension 8200 can only take 2GB of RAM (which it does have) and can not run 64 bit OS as they need more than that.
2GB would work for Windows 7 (which I have a copy of Win 7 Ultimate (legit) which at some point I may try to dual boot XP PRO and Windows 7 then gradually start to move programs over to it. Another option is to upgrade in place to Vista, then upgrade in place to Windows 7, then it could go to Windows 10 32 as an in place upgrade. But problems may arise doing it that way. Or maybe I will try to partition the drive and dual boot XP and Windows 10 32 Bit

What does that have to do with this? -

85rx-7se wrote:What is the non esr equivalent of Firefox 52ESR ? ? Paypal site is making some changes at end of June 2018
and some browsers may or may not work. Also what level of security does Firefox 52ESR (latest version) support
as far TLS or SSL encryption ? ? ?

Thanks
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

4td8s
 
Posts: 602
Joined: June 24th, 2009, 1:07 pm

Post Posted July 2nd, 2018, 4:18 pm

Brummelchen wrote:i wont change any until it hits the browser. but good to know when upcoming
My old XP P4 is 32 bit

the P4 is capable to run Windows 7/8/10 depending on its release date (2001-2005), the latest P4 offers HT.


unfortunately the Dell Dimension 8200 computer that 85rx-7se is using does not allow nor support hyperthreaded pentium 4s and is a mid-2002 model PC (check the user guide for that Dell computer here). his PC only supports up to 2.8Ghz Pentium 4 and 2Gb of RDRAM (RAMBUS RAM) chips and those RAM chips were pretty expensive back then.

Return to Firefox General


Who is online

Users browsing this forum: No registered users and 2 guests