Can't connect to internal network device using SSL (ffx 39)
Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key .
Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0
This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this.
The devices are D-Link DFL-800 (VPN Firewall).
This is happening on Win7 & Win8 machines also.
Is there anyway to access these?
I tried to upload an image but it times out.
Brian
Toutes les réponses (5)
I'm not sure if you can still make Firefox use SSL3 (security.tls.version.min = 0) in the current release or that this has been removed.
It is possible that used cipher suites have been disabled. Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Logjam: How Diffie-Hellman Fails in Practice:
I have tried toggling all the security.ssl3 options but no combination works.
There is this bug, so it looks that you are out of luck.
- bug 1106470 - Drop SSLv3 support entirely
Note that it is better to add a host to a whitelist pref instead of disabling this feature.
- security.tls.insecure_fallback_hosts
- security.tls.unrestricted_rc4_fallback
You can open the about:config page via the location/address bar and use its search bar to locate this pref:
- security.tls.insecure_fallback_hosts
You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).
- https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security
- https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security
- https://developer.mozilla.org/en-US/Firefox/Releases/38/Site_Compatibility#Security
- https://developer.mozilla.org/en-US/Firefox/Releases/39/Site_Compatibility#Security
I had already tried security.tls.insecure_fallback_hosts without success.
Brian
And it is also impacting our Dell Openmanage access https://server:1311 .