access to low 40-bit ciphers no longer works with Firefox 19.0
Since updating to 19.0 I have a problem accessing https servers with old, less-secure ciphers:
Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
I have used about:config to set security.ssl3.rsa_rc4_40_md5;true, which is how I got this to work for older versions of Firefox. It is still set to true after update to 19.0, but access no longer works.
Alle Antworten (4)
That is the result of the landing of this bug:
- bug 799007 - Remove support for low/weak/null cipher suites
(please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)
Thanks cor-el.
I use Firefox to access the management ports of IBM pSeries p5 machines. These run a basic webserver and use https with low-security ciphers. They are not updateable to change this. Up until now, setting security.ssl3.rsa_rc4_40_md5;true has allowed me to continue to use Firefox to access these systems. With this "bug fix", actually a reduction in basic functionality, I can no longer do so. Our production servers are thus currently at risk. Any suggestions as to how I can get this necessary functionality back? Use some sort of "lite" browser just to access these management ports? As FireFox is my browser of choice, I do not want to have to permanently back-level it and expose myself to future security risks.
Having tried a few "slim" browsers, which all also no longer support 40-bit or 56-bit ciphers, I have reverted to FF 17.03esr, which works a treat.
I shall now progress this issue further with IBM.
You can install a portable Firefox (ESR) version to access websites that do not work with the current Firefox release.