Firefox is blocking me from my firewall appliance!
When attempting to connect, I receive this error from Firefox:
Unable to Connect Securely
Firefox cannot guarantee the safety of your data on 192.168.1.1 because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap
How do I disable this SSLv3 protection in order to access and manage critical legacy appliances on my intranet? Is there an exception list, so I needn't disable it outright?
about:config -> type ssl3 in the search bar at the top and enable protocols until it works
Think for yourself. Otherwise you have to believe what other people tell you. A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve. Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
I stepped through the ssl3 protocols, turning each "false" value to "true." No change. Then, with all values "true," I restarted Firefox again and still no change. Believing that my understanding of the value was maybe incorrect, I turned all default "true" entries to "false" too, restarted Firefox, and again no change.
There are rumors about completely deactivating SSLv3. If that's the case you need an equal old firefox. For the next time you can use Firefox 32 ESR. I did not understood if SSLv3 is simply switched off or completely removed.
Think for yourself. Otherwise you have to believe what other people tell you. A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve. Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
Prior to posting here, I found a recommendation to disable SSLv3 by changing security.tls.version.min from "0" (default) to "1." I expected the reverse operation to have the opposite effect (in FF 34, the default is now "1"). But, it turns out, you must also change security.tls.version.fallback-limit to "0" too. This was a lucky guess on my part. And, to be clear, protocols are back to their defaults.
I hope this helps anybody else stuck in my situation.
Thanks for reporting. I did not know about the fallback pref.
Think for yourself. Otherwise you have to believe what other people tell you. A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve. Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
I appreciate knowing how to accommodate this issue --- I didn't realize it but one of my clients had to have their entire staff revert to IE due to this issue. A major supplier of theirs is using the older SSL and IE, at least, allows the option of continuing in spite of the risk.
I really like it when software gives me the OPTION of protecting myself. I like that almost as much as I'm angered when software presumes to know more about how I should use my system than I know.
So thanks for doing what Firefox should have built into their "Learn more" box.
If you really need to access these vulnerable pages on occasion then this extension will make it easier to toggle back and forth as being able to view SSL 3.0 by default is not a good idea. https://addons.mozilla.org/firefox/addon/ssl-version-control/
FYI: Mozilla intends to deprecate SSLv3 with 39.0 (meaning, remove the code supporting it entirely rather than just disabling it by default), given that there is an IETF standards draft already requesting it to be retired. Thus, TLS 1.0 would be the minimum version allowed to be in compliance with the standard (hence website providers will finally have to upgrade their servers).
I think I read that Google is doing the same with Chrome.
Think for yourself. Otherwise you have to believe what other people tell you. A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve. Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
Unless they port that patch to the 38.0 ESR branch, it would be the fallback solution for anybody still needing SSL 3.0 for whatever reason (at least as long as that extended-support branch lasts).
Fire 750, bring back 250. Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
mozillaZine is an independent Mozilla community and advocacy site. We're not affiliated or endorsed by the Mozilla Corporation but we love them just the same.