This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

My "SSL client is Bad" says https://www.howsmyssl.com/

  • 3 ردود
  • 3 have this problem
  • 1 view
  • آخر ردّ كتبه cor-el

more options

I heard a "Security" check site that said that My "SSL Client is BAD". Can I purchase anything safely on my computer even though I see the HTTPS"? I type https://howsmyssl.com and it says that I'm in trouble. Please try it and explain. Thank you! (jimmy Curk)

I heard a "Security" check site that said that My "SSL Client is BAD". Can I purchase anything safely on my computer even though I see the HTTPS"? I type https://howsmyssl.com and it says that I'm in trouble. Please try it and explain. Thank you! (jimmy Curk)

الحل المُختار

hello jimmy - the site you have referenced is testing for compatibility with TLS 1.2, which will ship with firefox 27 which is going to be released next week. so try it again then...

https://www.mozilla.org/en-US/firefox/27.0beta/releasenotes/

Read this answer in context 👍 3

All Replies (3)

more options

الحل المُختار

hello jimmy - the site you have referenced is testing for compatibility with TLS 1.2, which will ship with firefox 27 which is going to be released next week. so try it again then...

https://www.mozilla.org/en-US/firefox/27.0beta/releasenotes/

more options

Yes, no, it depends...

The SSL standard has evolved over time and the newer versions are stronger. It would be ideal if you could always use TLS 1.2. However, Firefox might not be able to "fall back" to an older standard if you choose TLS 1.2, so that is not enabled by default.

If you don't mind doing a little tinkering, you can change Firefox's behavior to always try TLS 1.1 first instead of starting with the older TLS 1.0. If you start running into sites that fail to connect, you may need to revert to the default setting.

Ready to go?

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the Search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click security.tls.version.max and change it from 1 to 2 and click OK. (For future reference, 1=TLS 1.0, 2=TLS 1.1)

Any luck?

more options

To satisfy the site you would have to use TLS 1.2 (security.tls.version.max = 3) and toggle security.ssl3.rsa_fips_des_ede3_sha to false to disable this cipher.
I'm not sure if that is advisable in the current Firefox release in case the TLS 1.2 implementation is still buggy .
The Firefox 27 release candidate has security.tls.version.max set to 3 by default and security.ssl3.rsa_fips_des_ede3_sha = false and shows the "Your SSL client is Probably Okay." message.