How to Enable SSL v3?

User Help for Mozilla Firefox
dave_d
Posts: 3
Joined: December 3rd, 2014, 11:49 am

How to Enable SSL v3?

Post by dave_d »

Hi all,

Firefox is blocking me from my firewall appliance!

When attempting to connect, I receive this error from Firefox:

Unable to Connect Securely

Firefox cannot guarantee the safety of your data on 192.168.1.1 because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_no_cypher_overlap

How do I disable this SSLv3 protection in order to access and manage critical legacy appliances on my intranet? Is there an exception list, so I needn't disable it outright?

Thank you very much!

Dave
User avatar
trolly
Moderator
Posts: 39851
Joined: August 22nd, 2005, 7:25 am

Re: How to Enable SSL v3?

Post by trolly »

about:config -> type ssl3 in the search bar at the top and enable protocols until it works
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
dave_d
Posts: 3
Joined: December 3rd, 2014, 11:49 am

Re: How to Enable SSL v3?

Post by dave_d »

Thank you, trolly, but that didn't work.

I stepped through the ssl3 protocols, turning each "false" value to "true." No change. Then, with all values "true," I restarted Firefox again and still no change. Believing that my understanding of the value was maybe incorrect, I turned all default "true" entries to "false" too, restarted Firefox, and again no change.

Any ideas? I truly appreciate it.
User avatar
trolly
Moderator
Posts: 39851
Joined: August 22nd, 2005, 7:25 am

Re: How to Enable SSL v3?

Post by trolly »

There are rumors about completely deactivating SSLv3. If that's the case you need an equal old firefox. For the next time you can use Firefox 32 ESR.
I did not understood if SSLv3 is simply switched off or completely removed.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
dave_d
Posts: 3
Joined: December 3rd, 2014, 11:49 am

Re: How to Enable SSL v3?

Post by dave_d »

Ah! I figured it out.

Prior to posting here, I found a recommendation to disable SSLv3 by changing security.tls.version.min from "0" (default) to "1." I expected the reverse operation to have the opposite effect (in FF 34, the default is now "1"). But, it turns out, you must also change security.tls.version.fallback-limit to "0" too. This was a lucky guess on my part. And, to be clear, protocols are back to their defaults.

I hope this helps anybody else stuck in my situation.

Thank you, trolly!
User avatar
trolly
Moderator
Posts: 39851
Joined: August 22nd, 2005, 7:25 am

Re: How to Enable SSL v3?

Post by trolly »

Thanks for reporting. I did not know about the fallback pref.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
dbdataplus
Posts: 17
Joined: October 19th, 2009, 9:06 am

A bit late to the party on this issue - but thanks

Post by dbdataplus »

I appreciate knowing how to accommodate this issue --- I didn't realize it but one of my clients had to have their entire staff revert to IE due to this issue. A major supplier of theirs is using the older SSL and IE, at least, allows the option of continuing in spite of the risk.

I really like it when software gives me the OPTION of protecting myself. I like that almost as much as I'm angered when software presumes to know more about how I should use my system than I know.

So thanks for doing what Firefox should have built into their "Learn more" box.
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: How to Enable SSL v3?

Post by James »

Why SSL 3.0 is not safe. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

If you really need to access these vulnerable pages on occasion then this extension will make it easier to toggle back and forth as being able to view SSL 3.0 by default is not a good idea.
https://addons.mozilla.org/firefox/addon/ssl-version-control/
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: How to Enable SSL v3?

Post by LoudNoise »

Makes me wonder about the supplier. SSL 3 makes them vulnerable to the same sort of attacks and worse.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
rsx11m
Moderator
Posts: 14404
Joined: May 3rd, 2007, 7:40 am
Location: US

Re: How to Enable SSL v3?

Post by rsx11m »

FYI: Mozilla intends to deprecate SSLv3 with 39.0 (meaning, remove the code supporting it entirely rather than just disabling it by default), given that there is an IETF standards draft already requesting it to be retired. Thus, TLS 1.0 would be the minimum version allowed to be in compliance with the standard (hence website providers will finally have to upgrade their servers).
User avatar
trolly
Moderator
Posts: 39851
Joined: August 22nd, 2005, 7:25 am

Re: How to Enable SSL v3?

Post by trolly »

I think I read that Google is doing the same with Chrome.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
rsx11m
Moderator
Posts: 14404
Joined: May 3rd, 2007, 7:40 am
Location: US

Re: How to Enable SSL v3?

Post by rsx11m »

Unless they port that patch to the 38.0 ESR branch, it would be the fallback solution for anybody still needing SSL 3.0 for whatever reason (at least as long as that extended-support branch lasts).
User avatar
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: How to Enable SSL v3?

Post by therube »

A major supplier

URL to the website?
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
rsx11m
Moderator
Posts: 14404
Joined: May 3rd, 2007, 7:40 am
Location: US

Re: How to Enable SSL v3?

Post by rsx11m »

trolly wrote:I think I read that Google is doing the same with Chrome.

Makes sense, the draft is co-authored by people from both Mozilla and Google.
User avatar
JayhawksRock
Posts: 10433
Joined: October 24th, 2010, 8:51 am

Re: How to Enable SSL v3?

Post by JayhawksRock »

rsx11m wrote:
trolly wrote:I think I read that Google is doing the same with Chrome.

Makes sense, the draft is co-authored by people from both Mozilla and Google.

Also read that Google is going to 'downgrade' sites in search rank that do not upgrade their security..
"The trouble with quotes on the internet is you never know if they are genuine" ...Abraham Lincoln
Post Reply