본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Firefox cannot display website that use certificate with DH key 1024 bits

more options

After I change web site certificate to use DH key with 1024 bits length, Firefox can not display the web site and provided error like "Secure Connection failed ...". I had tried disable weak cipher dhe but still not working, I had test with Internet Explorer and determine the connection as TLS 1.2 with DH 1024 bits but I do need to browse this web site from Firefox please help.

- Using Firefox 47.0

After I change web site certificate to use DH key with 1024 bits length, Firefox can not display the web site and provided error like "Secure Connection failed ...". I had tried disable weak cipher dhe but still not working, I had test with Internet Explorer and determine the connection as TLS 1.2 with DH 1024 bits but I do need to browse this web site from Firefox please help. - Using Firefox 47.0

선택된 해결법

My Firefox supports these ciphers, according to https://www.ssllabs.com/ssltest/viewMyClient.html:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

So it seems your server doesn't support any ciphers used by Firefox 47.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (9)

more options

Looks like you posted using Chrome. Any issues in Chrome? Usually Chrome displays any SSL-related warnings when you click the padlock in the address bar and then click Connection on the drop-down panel.

Could you use this diagnostic page to check your site: https://www.ssllabs.com/ssltest/

For example, it evaluates whether numerous different browsers would be able to connect. If their Firefox won't connect, then it's not just your Firefox.

If this is a general Firefox problem, can you give a link to the site?

more options

It's an internal website, desktop that I need to connect to the website is using Firefox 47.0.1 but I just post this post using my laptop.

I can not use the diagnostic tool because it's an internal web site

more options

What does Chrome show?

more options

On that machine there is no Chrome install but on IE when I see the connection properties it is "TLS 1.2 AES with 128 bit encryption (High); DH with 1024 bit exchange".

more options

Sorry, I don't know to translate that into the way Firefox describes its ciphers. Maybe you can find a tool that runs inside the firewall to interrogate the server and list out the ciphers it supports to see whether there is a match with Firefox.

more options

Do you have any recommend tool to do that?

more options

When I search around, there seem to be a lot of little scanners out there, but I don't know which ones are trustworthy.

For example:

more options

After use 'NMAP' below is list of support cipher that website using:

C:\nmap\nmap-7.12>nmap --script ssl-enum-ciphers -p 443 10.136.82.105

Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-14 13:57 SE Asia Standard Tim e Nmap scan report for CcpCsPG2301 (10.136.82.105) Host is up (0.0019s latency). PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | compressors: | NULL | cipher preference: server | warnings: | Weak certificate signature: SHA1 |_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds

C:\nmap\nmap-7.12>

more options

선택된 해결법

My Firefox supports these ciphers, according to https://www.ssllabs.com/ssltest/viewMyClient.html:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

So it seems your server doesn't support any ciphers used by Firefox 47.