Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Avatar for Username

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Can't connect to internal network device using SSL (ffx 39)

  • 5 ردود
  • 23 have this problem
  • 29 views
  • آخر ردّ كتبه LadelleIT

LadelleIT
LadelleIT
more options

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key .

Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0

This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this.

The devices are D-Link DFL-800 (VPN Firewall).

This is happening on Win7 & Win8 machines also.

Is there anyway to access these?

I tried to upload an image but it times out.

Brian

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key . Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0 This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this. The devices are D-Link DFL-800 (VPN Firewall). This is happening on Win7 & Win8 machines also. Is there anyway to access these? I tried to upload an image but it times out. Brian

All Replies (5)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I'm not sure if you can still make Firefox use SSL3 (security.tls.version.min = 0) in the current release or that this has been removed.

It is possible that used cipher suites have been disabled. Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

LadelleIT
LadelleIT صاحب السؤال
more options

I have tried toggling all the security.ssl3 options but no combination works.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

There is this bug, so it looks that you are out of luck.

Note that it is better to add a host to a whitelist pref instead of disabling this feature.

  • security.tls.insecure_fallback_hosts
  • security.tls.unrestricted_rc4_fallback

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).

LadelleIT
LadelleIT صاحب السؤال
more options

I had already tried security.tls.insecure_fallback_hosts without success.

Brian

LadelleIT
LadelleIT صاحب السؤال
more options

And it is also impacting our Dell Openmanage access https://server:1311 .