MozillaZine

RC4 SSL issue?

User Help for Mozilla Firefox
geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 11th, 2017, 5:04 am

Hi.

I use Firefox 55.0.2.

I'd like to remote access a router (Fritzbox 7570 / 75.04.92 - latest firmware).

I get this message:
Secure Connection Failed
The connection to xxx.dyndns.org was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn moreā€¦
Report errors like this to help Mozilla identify and block malicious sites
Try again

I can access locally. So router is basically ok.
I believe it's an RC4 SSL issue but not sure.
Is there anything I can do to get access to this page again?

FF online help wasn't helpful since not exactly matching my error.
https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
I don't have an "Advanced" button.

Any about:config changed which would help?
Any plugin?

Thanks,
Cu, geohei

TheVisitor
 
Posts: 4415
Joined: May 13th, 2012, 10:43 am

Post Posted October 11th, 2017, 5:28 am

RC4 is blocked due to its vulnerabilities - more detailed info here: https://blog.mozilla.org/security/2015/ ... c4-cipher/

Further info - seems its blocked by all major browsers at this point:
https://venturebeat.com/2015/09/01/goog ... next-year/

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 11th, 2017, 5:41 am

1.
I'm not sure wthether this is RC4 for my particular site (router web interface).
The RC4 SSL issue was a wild assumption from my side.
There's no clear message Firefox shows that it is in fact RC4 which blocks.
How can I find out for sure?

2.
If RC4 is the reason for connection refusal, is there anything (!?) I could do on the Firefox (client) side to remotely access the router web interface nevertheless?
Cu, geohei

TheVisitor
 
Posts: 4415
Joined: May 13th, 2012, 10:43 am

Post Posted October 11th, 2017, 6:25 am

You could perhaps look in the 'Browser Console' and see if it reports blocked on RC4, not sure if that will reveal the info your looking for.

What AV (Antivirus) are you using ?

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 12th, 2017, 12:17 am

This was a good idea I didn't think about, but no, I didn't see anything. I have to say however that I'm not really very confident in how to use/interpret the console output, but I didn't see any RC4 related messages. Could you perhaps tell me exactly where to look for (just to be sure I didn't miss anything)?

The tests I did were in a virtual machine (Windows 7) without any AV software. So that one can't be blocking.
Cu, geohei

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 13th, 2017, 3:37 am

Is there no possibility to add an exception (in about:config) for a certain URL which is known to be secure irrespectively of SSL certificate used (e.g. like RC4 like in my case - probably)?
Cu, geohei

therube

User avatar
 
Posts: 17799
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted October 13th, 2017, 11:37 am

I believe it's an RC4 SSL issue but not sure.

Can you access the box with an older FF version (seemingly before FF 44), where RC4 was still allowed?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

James
Moderator

User avatar
 
Posts: 27083
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 13th, 2017, 1:51 pm

Normally this error occurs on a website or a old router that is outdated in still supporting RC4.

RC4 support has been completely removed in Firefox 50 as it is no longer able to be overridden.
https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 14th, 2017, 12:45 am

@therube
I didn't try any <FF44 version so far.
Are such old FF versions still available?
I would install an Ubuntu VM for this purpose for security reason in this case.

@James
Ok, so no config changes and no (kind of) RC4 plugin which still enables RC4.
Thanks.
Cu, geohei

James
Moderator

User avatar
 
Posts: 27083
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 14th, 2017, 12:55 am

For Windows you could use a older version of Firefox with portable version. It can be run on hdd or even a usb flash drive and will be self contained with Profile so it will not affect your Profile used with Firefox 55.0 install. Have to hover over links to see what version is for folder. https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox%2C%20Portable%20Ed./

Here is for example Fx 43.0.4 folder
https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox%2C%20Portable%20Ed./Mozilla%20Firefox%2C%20Portable%20Edition%2043.0.4/

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 15th, 2017, 12:28 pm

Ok, I tried the following versions (in this order):

FirefoxPortable_43.0.4_English.paf.exe
FirefoxPortable_39.0.3_English.paf.exe
FirefoxPortable_33.1.1_English.paf.exe
FirefoxPortable_8.0.1_English.paf.exe

Still no joy.
With 8.0.1 I get the following page:

The connection was interrupted
The connection to xxx.dyndns.org was interrupted while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
Try again


Is this for sure an RC4 issue?
I went back to FF 8.0.1 !!!
AFAIK should RC4 work with that version.

Again ... I have no AV software active on my Windows7 system!
Cu, geohei

dickvl

User avatar
 
Posts: 52279
Joined: July 18th, 2005, 3:25 am

Post Posted October 15th, 2017, 3:19 pm

If you can access the router via another browser (Google Chrome or IE) then you can check the connection settings and the certificate.

Did this ever work before in Firefox?

Maybe try a HTTP log, see about:networking
https://developer.mozilla.org/Mozilla/D ... TP_logging

therube

User avatar
 
Posts: 17799
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted October 17th, 2017, 4:57 pm

Is this for sure an RC4 issue?

(Assuming) that as some point in the past, older FF did work for you, then I would think it is not a RC4 issue.

Error loading websites
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

geohei
 
Posts: 234
Joined: March 6th, 2005, 2:59 pm

Post Posted October 25th, 2017, 2:06 am

I followed James's hint to give the portable versions of FF a try.
Indeed, this worked.
33.1.1 of the 4 (above mentioned) versions worked.
39.0.3 didn't.
I didn't try anything in between.
So I strongly believe it's RC4.

Thanks for the answers!
Cu, geohei

Return to Firefox Support


Who is online

Users browsing this forum: LIMPET235 and 33 guests