Showing questions tagged: اعرض كل الأسئلة
  • المُؤرشفة

Mozilla Firefox does not work when disabling the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Dear Mozilla team, We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid sy… (read more)

Dear Mozilla team,

We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work.

Do you have any ideas on how to solve this?

Asked by yulyan.karpiy 1 year ago

Last reply by dkeeler 1 year ago

  • المُؤرشفة

TLS handshake slow, times out after Mac Mojave update

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages… (read more)

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages!) Unlike others who have posted this issue, the same problem holds in Chrome and Safari. I have tried various fixes, including a new identity on my Mac, with no success. Last time the issue seemed to spontaneously resolve after a couple of hours and never reappeared until Mac updated again. While all this is happening, my email works fine, my husband's macbook pro (just like mine) works fine, and my iPad works fine. I have left this message on the Mac help forum, too, hoping someone will have some idea of what is happening. OS Mojave 10.14.6

Asked by sunolen 1 year ago

Last reply by cor-el 1 year ago

  • المُؤرشفة

Firefox using "TLSv1 Record Layer" possibly makes company portal inaccessible

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, s… (read more)

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, same network, etc!).

The error message I get is:

An error occurred during a connection to <hostname>. PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Somehow this sounds like a certificate verification problem, but if that was really a problem, Firefox wouldn't continue starting the TLS handshake, right? But it does...

I used Wireshark to do network traces, and I can see that after the initial "client hello" the portal web server resets the connection. When I compared the snoop to one captured for Chrome, I noticed that the "client hello" Firefox sends uses a "TLSv1 Record Layer" in the "Client Hello," while Chrome uses a "TLSv1.2 Record Layer" in the "Client Hello."

I set "security.tls.version.min" to "2" already, but that didn't help.

I later also noticed that Chrome offers two TLS_RSA_WITH_AES_xxx_GCM_SHAxxx crypto suites, while Firefox doesn't.

My guess is that one of the above observations is likely the reason why Firefox can't connect.

Does that sound plausible to you? Why the difference in the TLS record layer? Why doesn't Firefox the above cypto suites? Are they considered insecure?

(Before you ask, unfortunately I can't give the host name to our portal, sorry.)

Many thanks for your help, this is really annoying me...

Kr,

Ralf

Asked by Ralf G. R. Bergs 1 year ago

Last reply by jscher2000 1 year ago

  • المُؤرشفة

Is there any future plan to Block TLSv1.0 and TLSv.1.1 in Firefox ESR Browser like it is announced for the regular FIrefox Browser ?

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/ Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1 … (read more)

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/

Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1

Does latest version of Firefox ESR also blocking them ? Or any chances of blocking them in future ?

Asked by bhavana.v1 1 year ago

Last reply by philipp 1 year ago