Forum der Gemeinschaft Firefox

Recently I set up mTLS on my admin endpoint. I tried entering it as an API on the other website, and in Firefox it wouldn't work. But if I'd try to access endpoint directly it would work, and even save my certificate choice. In Chrome, everything works just fine with both direct and API access. It is not a problem of a website, nor the problem of the OPTIONS preflight, since both of those are configured correctly on my nginx.

Dear Mozilla Team,

I kindly ask you to add support for the X25519MLKEM768 hybrid post-quantum key exchange to the domain detectportal.firefox.com (the URL used by Firefox connection testing). This small change would significantly strengthen privacy protection for millions of users who rely on Firefox's connection test URL. As you know, this mechanism has already been successfully implemented on almost all of your other domains. Extending the same protection to detectportal.firefox.com would ensure consistency and close the remaining gap. Thank you very much for your ongoing work on privacy and post-quantum cryptography. I would greatly appreciate your attention to this request. Best regards, Anonymous

Hi there.

Since quite a while Firefox is trying to enhance our browsing security by "upgrading" connections from "http" to "https." This may generally be a good idea, but it is literally driving me crazy at the moment because it also does so for "internal" sites I host within my LAN (such as my "Home Assistant" instance or a Zigbee coordinator, accessible via its own hostname and web UI). However, these connections will fail, because I don't have certificates for my internal hosts, and thus there is no "https" listener. :-(

(I use my own subdomain "<host>.city.internal.example.org" internally, so Firefox may be confused?)

I feel this behavior has become "more aggressive" within the last few days, so maybe it is due to a Firefox update?

Is there a bullet-proof way to prevent Firefox from doing so?

I've already set the below options to false: - dom.security.https_first - dom.security.https_first_for_custom_ports - dom.security.https_first_for_local_addresses - dom.security.https_first_for_unknown_suffixes - dom.security.https_first_pbm - dom.security.https_first_schemeless - dom.security.https_only_mode - dom.security.https_only_mode.upgrade_local - dom.security.https_only_mode_pbm

Help, please!

I'm close to abandoning Firefox in favor of a different browser, because at the moment it's close to being unusable for me anymore... :-(

Kind regards,

Ralf

I've disabled HTTPS only mode. When i enter a local http://server.localdomain server Firefox upgrades that to https://server.localdomain. How do I disable that?

Hello Folks, I just importeda a new certificate. Then I wanted to save all my certificates for backup. Selecting "Backup all...", I neter a secure password and click ok just to get the following error message: Failed to create the PKCS #12 backup file for unknown reasons the only button is "OK"

How can I start finding out what is going on and is there any means to save my certificates?

Using firefox 148, when I select the "CIRA Canadian shield" DNS over HTTPS option it does not work. If I select the other 2 options Cloudflare or NextDNS those options work.

What is the problem with DOH for CIRA option ?

1. 1. Резюме выделенного

1. 1. 1. Общее

Выделенный фрагмент содержит **цепочку из трёх X.509 TLS-сертификатов** (формат PEM), а также временну́ю метку **«5–7 минут»** (вероятно, срок действия или контекст страницы).

---

1. 1. 1. Сертификат 1 — Конечный (End-Entity)

- **Субъект:** `accounts.firefox.com` - **Выдан:** Let's Encrypt (R13) - **Действителен:** 15.02.2026 — 16.05.2026 - **Тип:** TLS-сертификат сервера (Domain Validated) - **Алгоритм:** RSA 2048 / SHA-256

---

1. 1. 1. Сертификат 2 — Промежуточный (Intermediate CA)

- **Субъект:** `R13` (Let's Encrypt) - **Выдан:** ISRG Root X1 - **Действителен:** 13.03.2024 — 12.03.2027 - **Назначение:** Подпись конечных сертификатов Let's Encrypt

---

1. 1. 1. Сертификат 3 — Корневой (Root CA)

- **Субъект:** `ISRG Root X1` (Internet Security Research Group) - **Действителен:** 04.06.2015 — 04.06.2035 - **Назначение:** Доверенный корневой центр сертификации; самоподписанный

---

1. 1. 1. Итог

Полная цепочка доверия: `accounts.firefox.com` → `Let's Encrypt R13` → `ISRG Root X1`

Secure Connection Failed

An error occurred during a connection to chatgpt.com. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more… this is what it says when i try to access

My broadband router set ip address is not secure as it's HTTP What is the solution to able me to access my home router via Wifi in the same location of course which is at home?

Hello everyone,

I am using Firefox latest release (eg 145.0.1).

At https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/ , it seems that X25519MLKEM768 is supported since Firefox 132. Do you confirm ?

I ask this question because when I am connecting to https://pq.cloudflareresearch.com/ and activate the network tab before reaching this URL, and looked at the security tab on the right bottom panel, as you can see in the screenshot attached, in the Exchange group keys, I see x25519 and not x25519mlkem768 meaning that Firefox is not PQC ready for key establishment :-(

Best Regards.

Hi, I used to see the HTTPS designation in the Firefox address bar, but no longer see it lately. It does appear in the Edge address bar.

I do appreciate your help.

My mobile package site shows mixed-content warnings on Firefox — how can I fix this? Hello everyone, I run a website, which provides information about mobile phone prices and SIM packages in Bangladesh. Recently, I noticed that when users visit some pages in Firefox, the browser shows a “mixed-content” warning or blocks certain scripts. The same pages load fine in Chrome. All my URLs use HTTPS, and I’m using a LiteSpeed server with Cloudflare CDN. Could this issue be related to how Firefox handles external resources (like embedded operator banners or analytics scripts)? What’s the best way to debug and fix mixed-content problems in Firefox Developer Tools? Any detailed guidance or best practices would be greatly appreciated. Thanks in advance!

I am using Firefox version 140.4.0esr (64bit) Only on Firefox: when trying to connect with Pirates' web page, I have a block which reads:

Security Connection Failed - no common encription algorithems      Error Code: ssl_error_no_cypher overlap

To The Official Site of The Pittsburgh Pirates/pirates.com:Homepage

I have tried to contact them with no luck.

Can you help?

Thanks,

David Martin ([edited email from public community support forum])

I downloads Firefox, Firefox Nightly, Firefox Developer.

All edition not write SSLKEYLOG to file.

I set the SSLKEYLOGFILE env.

How to enable ssl key log file?

Hi guys, Had Firefox as network default browser for decades. Now I have a problem with my DNS pihole filter, firefox just goes around it. I've read countless articles on how to stop this, I've tried DoH 0 and DoH 5, I've placed a file policies.json in a distribution folder. I've tied everything I can find on the net. Nothing and I do mean nothing, had the slightest effect. Firefox goes around whatever I try.

I've spent many, many hours on this please tell me how to kill this, I'm forced to use another browser at the moment, which is painful.

version 142.0.1 64bit W11.

Thank you Bob.