This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Whitelist particular sites to use SSLv3

  • 7 replies
  • 10 have this problem
  • 18 views
  • Last reply by philipp

more options

Is there a way to allow specific sites to use SSLv3 (ie White-list SSLv3)?

Older network gear or other management interfaces are unlikely to be updated, but I don't want to do an all or nothing fix for a handful of sites.

Is there a way to allow specific sites to use SSLv3 (ie White-list SSLv3)? Older network gear or other management interfaces are unlikely to be updated, but I don't want to do an all or nothing fix for a handful of sites.

Chosen solution

as this is a primarily community-run support forum it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature in the browser file a bug at bugzilla.mozilla.org.

i agree with ideato that a portable version of firefox that is configured and used just for this purpose is probably the best way to go about it at the moment...

Read this answer in context 👍 3

All Replies (7)

more options

Hello, unfortunately i don't think you can do that

another option is to download the firefox Portable Edition and to set the next preferences to 0 (zero) in about:config

Lowest acceptable protocol: security.tls.version.min (default = 1) Highest allowed protocol: security.tls.version.max (default = 3)

and use that firefox for the sites you want (the sites with ssl3)

thank you

more options

We really need a way to have corner case fixes to widely sweeping problems like this one. Many of these issues require so much work to actually fix, and some fixes will never be done (older networking gear) that exposing the entire browser to be able to connect to 1 site is not the best solution.

Maybe a toggle rather than about:config tweaks?

more options

SSLv3 is SO insecure that it is VERY dangerous to have anything on the web running it. If your equipment doesn't have a firmware update, the you need to buy new equipment. I know it sucks, but it is a nearly 20 year old protocol, and it's not safe to use. This has been an established fact for sometime and isn't news to anyone.

more options

You can use this extension to enable SSL3 temporarily for a website that needs SSL3.

more options

Tyler Downer said

SSLv3 is SO insecure that it is VERY dangerous to have anything on the web running it. If your equipment doesn't have a firmware update, the you need to buy new equipment. I know it sucks, but it is a nearly 20 year old protocol, and it's not safe to use. This has been an established fact for sometime and isn't news to anyone.

Ok. But when you have 100K USD sunk in a piece of equipment that does it's job and is behind perimeter security on an isolated network, "just buy a new one" doesn't really fly, but yet I still have to manage it. I understand that in an ideal world the vendor would be responsible and fix it, but this isn't one, and discussing how it ideally could be would not net any useful outcome.

more options

cor-el said

You can use this extension to enable SSL3 temporarily for a website that needs SSL3.

Better than manipulating about:config, but still an all or nothing solution. Better would be a per site solution.

more options

Chosen Solution

as this is a primarily community-run support forum it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature in the browser file a bug at bugzilla.mozilla.org.

i agree with ideato that a portable version of firefox that is configured and used just for this purpose is probably the best way to go about it at the moment...