Thunderbird: Support current and future TLS protocol versions
Mozilla Thunderbird, as shipped in TAILS 4.1, currently supports TLSv1.2
as the highest protocol version according to the
security.tls.version.max=3 preference. However, TLSv1.3 has been
specified and implementations are available and in use, so TAILS should
consider supporting TLSv1.3 (
potentially any newer protocol versions (
Please discuss the following:
- Should TLSv1.3 be supported in Thunderbird in TAILS?
- Does TLSv1.3 introduce new privacy risks, and if so, which additional countermeasures would be needed? Has this been discussed elsewhere previously (Firefox in TAILS 4.1 already supports TLSv1.3) and are these findings applicable to Thunderbird?
- If TLSv1.3 introduces new privacy risks, do its new security and privacy features/properties outweigh its (mitigatable?) privacy risks?
- Should the maximum TLS protocol version continue to be fixed to a
specific version in Thunderbird in TAILS (contrary to Firefox, I
assume - please verify!) or should any upstream TLS protocol
version support land into Thunderbird on TAILS unhindered?
- What is the risk trade-off between inadvertently supporting newer TLS protocol versions which have not yet undergone privacy risk assessment through Tor/TAILS vs. missing out on new security and privacy features newer TLS protocol versions may introduce (and have done in the past)?
- If a decision is made here to continue restricting the maximum TLS protocol version supported, should this also be applied to other software (and the system as a whole) in TAILS?
Testing Thunderbird TLS protocol support on TAILS:
- Start Thunderbird
- Create any account
- Access the menu using the ☰ Hamburger icon
- Navigate to ► Tools ► Developer Tools ► Error Console
- Enter window.open('https://www.ssllabs.com/ssltest/viewMyClient.html'); and press Enter
- An e-mail compositor window opens with a (“simple HTML”) rendering of this web page embedded in its mail body.
Feature Branch: bugfix/17333-support-tls-1.3
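
An offline counterpart to the SSL Labs client test above, as an added example that is not part of the original ticket nor Tails or Thunderbird code: it builds a ClientHello with and without a TLSv1.2 cap and parses which protocol versions the client offers. It assumes Python's ssl module (OpenSSL) as a stand-in for Thunderbird's TLS stack; the host name mail.example.org is a placeholder and no network connection is made.

```python
import ssl
import struct

NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def client_hello(max_version):
    """Return the raw ClientHello record a client capped at max_version emits."""
    # Assumption: OpenSSL via Python stands in for Thunderbird's own TLS library.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.org")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, no server ever answers
    return outgoing.read()

def offered_versions(record):
    """Return the sorted protocol names a ClientHello record offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    legacy = struct.unpack_from("!H", record, 9)[0]
    pos = 5 + 4 + 2 + 32    # record hdr, handshake hdr, legacy_version, random
    pos += 1 + record[pos]  # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher suites
    pos += 1 + record[pos]  # compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 0x002B:  # supported_versions (RFC 8446, section 4.2.1)
            n = record[pos]
            vers = struct.unpack_from("!%dH" % (n // 2), record, pos + 1)
            return sorted(NAMES[v] for v in vers if v in NAMES)  # skips GREASE
        pos += ext_len
    # Without supported_versions, legacy_version is the highest version offered.
    return [NAMES.get(legacy, hex(legacy))]

if __name__ == "__main__":
    for cap in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        print(cap.name, "->", offered_versions(client_hello(cap)))
```

With the cap at TLSv1.2 the supported_versions extension is absent, so a server can only negotiate TLSv1.2 or lower with this client.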