Showing questions tagged: اعرض كل الأسئلة
  • المُؤرشفة

Mozilla Firefox does not work when disabling the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Dear Mozilla team, We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid sy… (read more)

Dear Mozilla team,

We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work.

Do you have any ideas on how to solve this?

Asked by yulyan.karpiy 1 year ago

Last reply by dkeeler 1 year ago

  • حُلّت
  • المُؤرشفة

Garagesale ebay listings problem - images not loading

For the last couple of days I have been having trouble with my Garagesale ebay listings. The images will not download when I start a Garagesale listing. The problem is sp… (read more)

For the last couple of days I have been having trouble with my Garagesale ebay listings. The images will not download when I start a Garagesale listing. The problem is specific to Firefox, as the same listings display correctly on Safari, with all images in place. Is there a security or other preference that might stop the images loading from the Garagesale server? I also get an error message when trying to access some other pages on the garagesale website (see attached image). Any help or possible solutions would be very welcome. I've tried all the usual cache emptying, refresh Firefox, restarts, etc, without any luck.

Thanks in advance.

Asked by sw14 1 year ago

Answered by sw14 1 year ago

  • المُؤرشفة

TLS handshake slow, times out after Mac Mojave update

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages… (read more)

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages!) Unlike others who have posted this issue, the same problem holds in Chrome and Safari. I have tried various fixes, including a new identity on my Mac, with no success. Last time the issue seemed to spontaneously resolve after a couple of hours and never reappeared until Mac updated again. While all this is happening, my email works fine, my husband's macbook pro (just like mine) works fine, and my iPad works fine. I have left this message on the Mac help forum, too, hoping someone will have some idea of what is happening. OS Mojave 10.14.6

Asked by sunolen 1 year ago

Last reply by cor-el 1 year ago

  • المُؤرشفة

How to stop Firefox from sending TLS 1.0 even after disabled in settings.

Currently running Firefox 73.0.1. Connections to my server from Firefox all fail with 'connection_reset' from the server. Wireshark capture shows that Firefox is attempti… (read more)

Currently running Firefox 73.0.1.

Connections to my server from Firefox all fail with 'connection_reset' from the server.

Wireshark capture shows that Firefox is attempting a 'Client Hello' using TLS 1.0.

Servers are configured with TLS 1.0 removed/disabled.

All the Firefox advanced settings in about:config are set with TLS 1.2 as the minimum, yet Firefox insists on sending TLS 1.0 'client hello'.

Not an expert, but it kind of looks like Firefox is sending a TLS 1.2 'Client Hello' encapsulated inside a TLS 1.0 'Client Hello'? Is this even possible?

Chrome, IE, and Edge behave appropriately and send 'Client Hello' as TLS 1.2.

How do we get Firefox to send the appropriate 'Client Hello'?

This affects multiple versions of Firefox, even the beta builds that I tested over the weekend and occurs on any machine tested so far. Windows 10, various flavors of Linux, etc.

See screenshots below for configuration settings and wireshark capture.

Thanks for the help!

Asked by Mike Leimer 1 year ago

Last reply by Mike Leimer 1 year ago

  • المُؤرشفة

Firefox using "TLSv1 Record Layer" possibly makes company portal inaccessible

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, s… (read more)

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, same network, etc!).

The error message I get is:

An error occurred during a connection to <hostname>. PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Somehow this sounds like a certificate verification problem, but if that was really a problem, Firefox wouldn't continue starting the TLS handshake, right? But it does...

I used Wireshark to do network traces, and I can see that after the initial "client hello" the portal web server resets the connection. When I compared the snoop to one captured for Chrome, I noticed that the "client hello" Firefox sends uses a "TLSv1 Record Layer" in the "Client Hello," while Chrome uses a "TLSv1.2 Record Layer" in the "Client Hello."

I set "security.tls.version.min" to "2" already, but that didn't help.

I later also noticed that Chrome offers two TLS_RSA_WITH_AES_xxx_GCM_SHAxxx crypto suites, while Firefox doesn't.

My guess is that one of the above observations is likely the reason why Firefox can't connect.

Does that sound plausible to you? Why the difference in the TLS record layer? Why doesn't Firefox the above cypto suites? Are they considered insecure?

(Before you ask, unfortunately I can't give the host name to our portal, sorry.)

Many thanks for your help, this is really annoying me...

Kr,

Ralf

Asked by Ralf G. R. Bergs 1 year ago

Last reply by jscher2000 1 year ago

  • حُلّت
  • المُؤرشفة

Cannot disable Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 or TLS_RSA_WITH_AES_256_GCM_SHA384

Hi there, I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet. I'm using this to determine whats secure: https://browserleaks.com/ssl… (read more)

Hi there,

I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet.

I'm using this to determine whats secure: https://browserleaks.com/ssl

I cant find any option to disable these two ciphers:

0x009c TLS_RSA_WITH_AES_128_GCM_SHA256 0x009d TLS_RSA_WITH_AES_256_GCM_SHA384

Thanks :)

Asked by Reuben 1 year ago

Answered by Mike Kaply 1 year ago

  • المُؤرشفة

Is there any future plan to Block TLSv1.0 and TLSv.1.1 in Firefox ESR Browser like it is announced for the regular FIrefox Browser ?

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/ Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1 … (read more)

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/

Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1

Does latest version of Firefox ESR also blocking them ? Or any chances of blocking them in future ?

Asked by bhavana.v1 1 year ago

Last reply by philipp 1 year ago