{"id":2808,"date":"2021-10-05T01:07:05","date_gmt":"2021-10-05T08:07:05","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2808"},"modified":"2021-10-05T01:07:05","modified_gmt":"2021-10-05T08:07:05","slug":"securing-connections-disabling-3des-in-firefox-93","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/","title":{"rendered":"Securing Connections: Disabling 3DES in Firefox 93"},"content":{"rendered":"<p>As part of our continuing work to ensure that Firefox provides secure and private network connections, it periodically becomes necessary to disable configurations or even entire protocols that were once thought to be secure, but no longer provide adequate protection. For example, last year, early versions of the Transport Layer Security (TLS) protocol were <a href=\"https:\/\/hacks.mozilla.org\/2020\/02\/its-the-boot-for-tls-1-0-and-tls-1-1\/\">disabled by default<\/a>.<\/p>\n<p>One of the options that goes into configuring TLS is the choice of which encryption algorithms to enable. That is, which methods are available to use to encrypt and decrypt data when communicating with a web server?<\/p>\n<h2>Goodbye, 3DES<\/h2>\n<p>3DES (&#8220;triple DES&#8221;, an adaptation of DES (&#8220;Data Encryption Standard&#8221;)) was for many years a popular encryption algorithm. However, as attacks against it have become stronger, and as other more secure and efficient encryption algorithms have been standardized and are now widely supported, it has fallen out of use. Recent measurements indicate that Firefox encounters servers that choose to use 3DES about as often as servers that use deprecated versions of TLS.<\/p>\n<p>As long as 3DES remains an option that Firefox provides, it poses a security and privacy risk. Because it is no longer necessary or prudent to use this encryption algorithm, it is disabled by default in Firefox 93.<\/p>\n<h2>Addressing Compatibility<\/h2>\n<p>As with disabling obsolete versions of TLS, deprecating 3DES may cause compatibility issues. We hypothesize that the remaining uses of 3DES correspond mostly to outdated devices that use old cryptography and cannot be upgraded. It may also be that some modern servers inexplicably (perhaps unintentionally) use 3DES when other more secure and efficient encryption algorithms are available. Disabling 3DES by default helps with the latter case, as it forces those servers to choose better algorithms. To account for the former situation, Firefox will allow 3DES to be used when deprecated versions of TLS have manually been enabled. This will protect connections by default by forbidding 3DES when it is unnecessary while allowing it to be used with obsolete servers if necessary.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of our continuing work to ensure that Firefox provides secure and private network connections, it periodically becomes necessary to disable configurations or even entire protocols that were once &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/\">Read more<\/a><\/p>\n","protected":false},"author":525,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,45499],"tags":[],"coauthors":[45543],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing Connections: Disabling 3DES in Firefox 93 - Mozilla Security Blog<\/title>\n<meta name=\"description\" content=\"Firefox will stop using 3DES to communicate with web servers by default in version 93.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dana Keeler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/\",\"name\":\"Securing Connections: Disabling 3DES in Firefox 93 - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2021-10-05T08:07:05+00:00\",\"dateModified\":\"2021-10-05T08:07:05+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736\"},\"description\":\"Firefox will stop using 3DES to communicate with web servers by default in version 93.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Connections: Disabling 3DES in Firefox 93\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736\",\"name\":\"Dana Keeler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8a8a12f35e73f4f9942eb18d86c4828b\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g\",\"caption\":\"Dana Keeler\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing Connections: Disabling 3DES in Firefox 93 - Mozilla Security Blog","description":"Firefox will stop using 3DES to communicate with web servers by default in version 93.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/","twitter_misc":{"Written by":"Dana Keeler","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/","url":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/","name":"Securing Connections: Disabling 3DES in Firefox 93 - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2021-10-05T08:07:05+00:00","dateModified":"2021-10-05T08:07:05+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736"},"description":"Firefox will stop using 3DES to communicate with web servers by default in version 93.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2021\/10\/05\/securing-connections-disabling-3des-in-firefox-93\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Securing Connections: Disabling 3DES in Firefox 93"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736","name":"Dana Keeler","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8a8a12f35e73f4f9942eb18d86c4828b","url":"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g","caption":"Dana Keeler"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2808"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/525"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2808"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2808\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2808"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}