Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Is there an add-on that supports old security levels

more options

I find it frustrating every time the browser knows more about what s best for me than I do. My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.

A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).

The easy answer, of course, is to call up HP and tell them to rewrite the console code - or tell the system owner to toss out his servers and buy new ones .... and of course, learn never EVER to buy a Tripp Lite product.

But what I'd really like is an option ... a software configuration in some browser ... I'd call it the "pull_the_stick_from_your_butt_and_let_me_do_what_I_want_to_do" mode

I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.

Does any such software or add-on exist?

I find it frustrating every time the browser knows more about what s best for me than I do. My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date. A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch). The easy answer, of course, is to call up HP and tell them to rewrite the console code - or tell the system owner to toss out his servers and buy new ones .... and of course, learn never EVER to buy a Tripp Lite product. But what I'd really like is an option ... a software configuration in some browser ... I'd call it the "pull_the_stick_from_your_butt_and_let_me_do_what_I_want_to_do" mode I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me. Does any such software or add-on exist?

所有回覆 (6)

more options

dbdata said

My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.

Firefox allows exceptions for expired certificates, if that is the problem. Click the Advanced button on the error page to get a more specific diagnosis.

A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).

If Firefox no longer supports a particular protocol (such as SSL version 3.0) or a particular cipher, an add-on can't add that back to Firefox because the secure connection setup runs before an add-on could step in. Instead, you can use a proxy or "man in the middle" which accepts a more secure connection from Firefox and then makes a less secure connection to your device. I have never researched that in detail, but have seen it mentioned on other forums.

I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.

True dat. The spoofing is performed by an adversary who wants to capture your credentials. The point of a secure connection method and valid certificate is to have confidence about what server you are actually communicating with.

more options

As far as I can tell - a valid SSL certificate tells you that my check cleared Thawte's bank. It doesn't seem to make me less nefarious.

But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

As far as not supporting older version of SSL - this is once again developers sitting in their offices, working on Windows 12 and Linux 8.0 boxes running 300 Ghz cpus each with 3000 Tb memory - deciding what is and is not "safe" for me to do.

I'll see about a proxy - but it would be SO easy is someone would pull the stick outta their cache and let the people do what the people want to do.

We're busy converting web sites from http to https because "they" have decided that videos of kittens should be encrypted before downloading and "they" will no longer support http {sigh}

more options

dbdata said

But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

What error page are you getting and does it have an Advanced button that leads to the ability to make an exception? How many clicks are really required? Let's get specific here.

more options

No -- this is a dead-in-the-water issue

Secure Connection Failed

An error occurred during a connection to 10.0.0.201. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

more options

You can check the server.

You can check your browser.

more options

dbdata said

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Okay, then it is not an issue of an out-of-date certificate, it is the configuration of the webserver in the device. If the device software cannot be updated, then you would need a proxy server to connect using Firefox.

Can you use Internet Explorer 11 to manage the device?