Expose TLS min/max versions in browser-settings
Categories
(WebExtensions :: General, enhancement, P2)
Tracking
(firefox72 fixed)
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
This is a requested feature for secure-proxy.
Comment 5•5 years ago
(In reply to Andrea Marchesini [:baku] from comment #0)
> This is a requested feature for secure-proxy.
This is very low on details for this request. Can you please provide more info here? Why would secure proxy need to change this, and why then does this need to be a privileged-only setting?
Comment 6•5 years ago
ni?baku for a response...
I requested privileged because this can limit the level of TLS support, and I'm not certain I want extensions to be able to do that, certainly not without a deeper examination of the issues around that, and especially without having a good way to explain the potential impact to most end users. It's easier to make this generally available than to take it away later.
Assignee
Comment 7•5 years ago
> This is very low on details for this request. Can you please provide more info here? Why would secure proxy need to change this, and why then does this need to be a privileged-only setting?
Secure-Proxy requires TLS 1.3. We want to be sure that, when the proxy is on, the TLS max version is set to 1.3.
I don't think it's a good idea to give the ability to change TLS versions to any extension. Reducing the TLS version can have a strong security impact.
Comment 8•5 years ago
Hello Andrea,
Could you please provide more details or some test scenarios for QA to be able to verify this enhancement?
Should we make use of this extension in order to test: https://github.com/mozilla/secure-proxy ?
I am assuming that it requires manual QA, but if it does not, then please set the "qe-verify" tag. Thank you!
Assignee
Comment 9•5 years ago
No need for QA on this bug. We have enough mochitests.
Comment 10•2 years ago
docnote: network.tlsVersionRestriction can be read, but requires privileged signature to write, otherwise an exception is thrown.
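The read-but-not-write behaviour from the docnote above, combined with the TLS 1.3 requirement from comment 7, as an added example (not code from this bug or from secure-proxy). It assumes the setting is reachable as `browser.privacy.network.tlsVersionRestriction` with a `{ minimum, maximum }` value; the TLSv1.2 floor and the names `checkTlsRestriction`, `auditTls` and `mockSetting` are hypothetical.

```javascript
// Added example. Assumptions: the setting is exposed to extensions as
// browser.privacy.network.tlsVersionRestriction, and its value is
// { minimum, maximum } using strings such as "TLSv1.2" or "unknown".
const TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"];
// Assumed policy: TLS 1.3 must stay reachable; the 1.2 floor is illustrative.
const REQUIRED = { minimum: "TLSv1.2", maximum: "TLSv1.3" };

// Pure check of a restriction against REQUIRED. Empty result = acceptable.
function checkTlsRestriction(value, required = REQUIRED) {
  const rank = (v) => TLS_ORDER.indexOf(v);
  const min = rank(value.minimum);
  const max = rank(value.maximum);
  if (min < 0 || max < 0) return ["unrecognised TLS version in setting"];
  const findings = [];
  if (min > max) findings.push("minimum is above maximum");
  if (min < rank(required.minimum)) {
    findings.push(`minimum ${value.minimum} is below ${required.minimum}`);
  }
  if (max < rank(required.maximum)) {
    findings.push(`maximum ${value.maximum} is below ${required.maximum}`);
  }
  return findings;
}

// Reads the setting, and only when fix is requested attempts the write
// that the docnote says throws without a privileged signature.
async function auditTls(setting, { fix = false } = {}) {
  const { value } = await setting.get({});
  const findings = checkTlsRestriction(value);
  if (findings.length === 0 || !fix) return { value, findings, fixed: false };
  try {
    await setting.set({ value: REQUIRED });
    return { value, findings, fixed: true };
  } catch (err) {
    // Unprivileged caller: report the weak setting instead of failing.
    return { value, findings, fixed: false, error: String(err.message) };
  }
}

// Constructed stand-in for the browser API so the block runs offline.
const mockSetting = {
  get: async () => ({ value: { minimum: "TLSv1", maximum: "TLSv1.2" } }),
  set: async () => { throw new Error("not privileged"); },
};
```

In an extension, pass the real setting object in place of `mockSetting`; an unprivileged caller gets the findings back with `fixed: false` rather than an unhandled exception.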