Since updating to 19.0 I have a problem accessing https servers with old, less-secure ciphers:
Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
I have used about:config to set security.ssl3.rsa_rc4_40_md5;true, which is how I got this to work for older versions of Firefox. It is still set to true after update to 19.0, but access no longer works.
- All posts
- Helpful Solutions
That is the result of the landing of this bug:
- bug 799007 - Remove support for low/weak/null cipher suites
(please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)
I use Firefox to access the management ports of IBM pSeries p5 machines. These run a basic webserver and use https with low-security ciphers. They are not updateable to change this. Up until now, setting security.ssl3.rsa_rc4_40_md5;true has allowed me to continue to use Firefox to access these systems. With this "bug fix", actually a reduction in basic functionality, I can no longer do so. Our production servers are thus currently at risk. Any suggestions as to how I can get this necessary functionality back? Use some sort of "lite" browser just to access these management ports? As FireFox is my browser of choice, I do not want to have to permanently back-level it and expose myself to future security risks.
Having tried a few "slim" browsers, which all also no longer support 40-bit or 56-bit ciphers, I have reverted to FF 17.03esr, which works a treat.
I shall now progress this issue further with IBM.
You can install a portable Firefox (ESR) version to access websites that do not work with the current Firefox release.