MozillaZine

How to Enable SSL v3?

User Help for Mozilla Firefox
dave_d
 
Posts: 3
Joined: December 3rd, 2014, 11:49 am

Post Posted December 3rd, 2014, 12:09 pm

Hi all,

Firefox is blocking me from my firewall appliance!

When attempting to connect, I receive this error from Firefox:

Unable to Connect Securely

Firefox cannot guarantee the safety of your data on 192.168.1.1 because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_no_cypher_overlap

How do I disable this SSLv3 protection in order to access and manage critical legacy appliances on my intranet? Is there an exception list, so I needn't disable it outright?

Thank you very much!

Dave

trolly
Moderator

User avatar
 
Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Post Posted December 3rd, 2014, 12:39 pm

about:config -> type ssl3 in the search bar at the top and enable protocols until it works
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

dave_d
 
Posts: 3
Joined: December 3rd, 2014, 11:49 am

Post Posted December 3rd, 2014, 1:20 pm

Thank you, trolly, but that didn't work.

I stepped through the ssl3 protocols, turning each "false" value to "true." No change. Then, with all values "true," I restarted Firefox again and still no change. Believing that my understanding of the value was maybe incorrect, I turned all default "true" entries to "false" too, restarted Firefox, and again no change.

Any ideas? I truly appreciate it.

trolly
Moderator

User avatar
 
Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Post Posted December 3rd, 2014, 1:24 pm

There are rumors about completely deactivating SSLv3. If that's the case you need an equal old firefox. For the next time you can use Firefox 32 ESR.
I did not understood if SSLv3 is simply switched off or completely removed.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

dave_d
 
Posts: 3
Joined: December 3rd, 2014, 11:49 am

Post Posted December 3rd, 2014, 2:21 pm

Ah! I figured it out.

Prior to posting here, I found a recommendation to disable SSLv3 by changing security.tls.version.min from "0" (default) to "1." I expected the reverse operation to have the opposite effect (in FF 34, the default is now "1"). But, it turns out, you must also change security.tls.version.fallback-limit to "0" too. This was a lucky guess on my part. And, to be clear, protocols are back to their defaults.

I hope this helps anybody else stuck in my situation.

Thank you, trolly!

trolly
Moderator

User avatar
 
Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Post Posted December 3rd, 2014, 3:37 pm

Thanks for reporting. I did not know about the fallback pref.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

dbdataplus
 
Posts: 17
Joined: October 19th, 2009, 9:06 am

Post Posted March 5th, 2015, 11:36 am

I appreciate knowing how to accommodate this issue --- I didn't realize it but one of my clients had to have their entire staff revert to IE due to this issue. A major supplier of theirs is using the older SSL and IE, at least, allows the option of continuing in spite of the risk.

I really like it when software gives me the OPTION of protecting myself. I like that almost as much as I'm angered when software presumes to know more about how I should use my system than I know.

So thanks for doing what Firefox should have built into their "Learn more" box.

James
Moderator

User avatar
 
Posts: 27445
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted March 5th, 2015, 11:54 am

Why SSL 3.0 is not safe. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

If you really need to access these vulnerable pages on occasion then this extension will make it easier to toggle back and forth as being able to view SSL 3.0 by default is not a good idea.
https://addons.mozilla.org/firefox/addon/ssl-version-control/

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted March 5th, 2015, 12:58 pm

Makes me wonder about the supplier. SSL 3 makes them vulnerable to the same sort of attacks and worse.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

rsx11m
Moderator
 
Posts: 14425
Joined: May 3rd, 2007, 7:40 am
Location: US

Post Posted March 5th, 2015, 9:53 pm

FYI: Mozilla intends to deprecate SSLv3 with 39.0 (meaning, remove the code supporting it entirely rather than just disabling it by default), given that there is an IETF standards draft already requesting it to be retired. Thus, TLS 1.0 would be the minimum version allowed to be in compliance with the standard (hence website providers will finally have to upgrade their servers).

trolly
Moderator

User avatar
 
Posts: 39899
Joined: August 22nd, 2005, 7:25 am

Post Posted March 6th, 2015, 2:49 am

I think I read that Google is doing the same with Chrome.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

rsx11m
Moderator
 
Posts: 14425
Joined: May 3rd, 2007, 7:40 am
Location: US

Post Posted March 6th, 2015, 10:19 am

Unless they port that patch to the 38.0 ESR branch, it would be the fallback solution for anybody still needing SSL 3.0 for whatever reason (at least as long as that extended-support branch lasts).

therube

User avatar
 
Posts: 19183
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted March 6th, 2015, 11:45 am

A major supplier

URL to the website?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

rsx11m
Moderator
 
Posts: 14425
Joined: May 3rd, 2007, 7:40 am
Location: US

Post Posted March 6th, 2015, 2:23 pm

trolly wrote:I think I read that Google is doing the same with Chrome.

Makes sense, the draft is co-authored by people from both Mozilla and Google.

JayhawksRock

User avatar
 
Posts: 10433
Joined: October 24th, 2010, 8:51 am

Post Posted March 6th, 2015, 3:37 pm

rsx11m wrote:
trolly wrote:I think I read that Google is doing the same with Chrome.

Makes sense, the draft is co-authored by people from both Mozilla and Google.

Also read that Google is going to 'downgrade' sites in search rank that do not upgrade their security..
"The trouble with quotes on the internet is you never know if they are genuine" ...Abraham Lincoln

Return to Firefox Support


Who is online

Users browsing this forum: Bing [Bot], dfoulkes and 5 guests