
Disable HTTPS upgrade?

Posted Mar 6, 2025 15:32 UTC (Thu) by arita (subscriber, #176355)
In reply to: Disable HTTPS upgrade? by taladar
Parent article: Firefox 136.0 released

Could they also have an HTTPS record to help alleviate that pre-loading issue?


Disable HTTPS upgrade?

Posted Mar 6, 2025 17:37 UTC (Thu) by draco (subscriber, #1792)

That's RFC 9460. Firefox has support but it's apparently disabled by default. Chrome supposedly has support too, but I can't find any documentation that it is actually enabled and working (or any flag to turn it on).

Browsers have long resisted adding any DNS lookups to the dependency chain for loading a page because they say people are extremely latency sensitive. It sounds like platform support for arbitrary DNS record types has been problematic too.

Hence they've ignored a number of records that have been proposed to improve security (e.g., TLSA).

I think that RFC was developed with their input to try to address their needs, so it's really sad to see it not be enabled. Though it's at least implemented, which is progress, I guess?

Disable HTTPS upgrade?

Posted Mar 7, 2025 11:13 UTC (Fri) by arita (subscriber, #176355)

I found it thanks to https://hg.mozilla.org/integration/autoland/rev/34c9c9b0de17. Seems to be enabled by default for roughly the last 4 years in Firefox.

about:config
network.dns.upgrade_with_https_rr = true
network.dns.use_https_rr_as_altsvc = true


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds