Error code: ssl_error_no_cypher_overlap w/ self-signed https

[Michael Felt]

Since the diginotar issue it seems we are being protected from all self-signed certificates. This works terribly with firmware that has an interface based on https.

I started getting "errors" back when FF3 first came out - I could resolve the issues by going to about: config and setting security.ssl3.rsa_rc2_40_md5;true.

However, this no longer works.

Next I went back to an older version of Firefox (3.6.17) and it worked for awhile. A company update updated FF to 3.6.22 and now I cannot connect to the firmware, so I cannot turn devices on/off/etc.

This is ALSO a security breach - no availability.

I do not know who thought that disabling all self-signed certificates was going to improve security. It is a bad call.

Question: how to setup FF so that it will accept https, 40-bit SSL again?

p.s. I have also tried turning on all SSL2 settings.
p.p.s. I think a new error message, specifically for self-signed certificates, would be an improvement - as this message is being used for too many issues with different origins/causes.

Thx.

[Michael Felt]

p.s. updating firmware of the device is not possible - it is too old. And even if new firmware might solve it, how would the firmware be installed when all connectivity is refused.
M

[Michael Felt]

found it: too many reinstalls lately: needed to be rc4 rather than rc2.
My error
security.ssl3.rsa_rc4_40_md5;true. reopen connections using OLD versions. Once the newest version is installed, connections are refused.

[Michael Felt]

This issue is back again, and with a vengeance.

New (fresh) installs do not even include any of security.ssl3.rsa_rc4_40* in the about:config screens.
In updated installs, I see the variable, but it has no effect.

Looks like I may need to switch from FF to something else - after all these years.