cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mrleerkotte
New member
Status: New idea

Currently Firefox for Android does not seem to support mTLS. I use this on the desktop with either a smartcard (PIV) or a client certificate loaded into the system keychain.

Supporting this would allow for secure authentication and authorization without the need for an additional login provider.

5 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

mozsay
New member

Chrome on Android supports this feature out of the box.

There are a number of opensource android application that supports mTLS: home-assistant, nextcloud talk, nextcloud (patch in progress). mTLS provide 'VPN' like protection for any self hosted application without draining the phone batteries -

There are a huge number of security benefit provided by mTLS asside of the 'authentication layer'; it prevents by design web-application authentication bypasses; and also significantly reduces the windows of vulnerability exposure. 

Cloudflare provides mTLS authentication, this option also exist in Microsoft 365 (but not frequently used which is a shame as this would prevent a huge number of phishing attacks!!!).

mTLS is supported by the desktop browser version - can the adoption on mobile be accelerated?

zedpie
New member

Mutual TLS authentication (mTLS), "client certificates", is an important tool to harden the security of internal systems (which may be exposed to the internet), both in professional and home settings.

While Firefox supports mTLS on desktop, the lack of support on mobile is hinder that makes the mobile edition seem like a problem. This forces me to in instructions include writings like "use the Chrome browser while on mobile devices or tablets".

I'd also really like to myself be qble to use Firefox for these situations.

DerLev
Strollin' around

I have just transitioned from authentication with an auth provider to using mTLS just to realize that I cannot use my internal services on my phone. It's really a shame since almost every other browser on Android supports mTLS. I really want to stay on Firefox to have this unified experience @zednet has described above. Why is such a substantial security feature missing?

pekadp
New member

Really sad that firefox can't do that..

mtls is mandatory when you have self hosted apps..