Https-everywhere: Firefox will disable support for TLS 1.0 and TLS 1.1

@cschanaj Chrome 77 still has TLS 1.0 and TLS 1.1 enabled. IMO March 2020 is not a date that should cause immediate concern. I feel this should be closed for time being.

I think this is similar to #17912 in the sense that once the vendor removed the support for TLS 1.0 and TLS 1.1, we will be redirecting our users to malfunction pages. IMHO We should act early by requiring TLS 1.2 or later on Travis to minimize the impact it might have.

@cschanaj Makes sense, we need @zoracon's opinion though.

To be honest, any website that doesn't support at least TLS 1.2 may reasonably be expected to have other issues, such as mixed content or lack of support of secure ciphers. I am for this change.

@cschanaj Considering that these browsers will likely put up security warnings for sites on TLS 1.0 and 1.1. I want to check out and investigate the SSL warning they will likely be thrown in the error object (unless someone already knows this). Because we will have to update Travis and some of the JS in background.js that accounts for SSL warnings.

Be aware that these changes will appear in pre-release versions of Firefox (Beta, Developer Edition, and Nightly) earlier than March 2020. We will announce specific dates when we have more detailed plans.

Gonna dig through these pre-release versions and correspond with a contact to account for that future SSL warning that will likely be thrown

TLDR;
I support this, just don't want to make this change until I confirm that it has been disabled in Beta (unless someone knows that they have or not already in this thread)

@zoracon I may test right now.

@zoracon Current macOS Nightly still has TLS v1.0 enabled.

@zoracon Current macOS Nightly still has TLS v1.0 enabled.

Thank you for testing @pipboy96, going to reach out and see what updates they have on this timeline. Let's hold off for now, but thank you for bringing this to attention @cschanaj

@zoracon I can also test HTTPS Everywhere on Chromium version of Edge.

@zoracon @pipboy96 in case you might want to test anything, https://alum.ust.hk/ uses TLSv1.0 and throws warning in Firefox 69 console.

Nightly has the warning up! This will be in stable in December. So let's plan by end of November to update Travis.

Also, I rather we not have the interstitial EASE page for this warning, since the page does not offer a way to enable TLS 1.0, 1.1. I want to stay out of the browser's way on this one.

@zoracon Does this create an EASE page right now?

@zoracon I tested with Nightly and it doesn't show an EASE warning.

Green lighting this since we are coming to the end of the month.

@zoracon Are we going to do a full fetch test soon?

@zoracon Are we going to do a full fetch test soon?

Yes, and starting here so installs and versions are up to date. Looking into this portion today and #13829 to look over the items needed to be done to run this