Avatar for Username

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Learn More

Αυτό το νήμα αρχειοθετήθηκε. Παρακαλούμε κάντε νέα ερώτηση αν χρειάζεστε βοήθεια.

We have difficulty trying to connect to our server using a browser. Google Chrome can connect, but Mozilla Firefox cannot.

  • 4 απαντήσεις
  • 3 έχουν αυτό το πρόβλημα
  • 14 προβολές
  • Τελευταία απάντηση από jscher2000 - Support Volunteer

VicCebedo
VicCebedo
more options
  1. Problem: #

We have difficulty trying to connect to our server using a browser. Google Chrome can connect, but Mozilla Firefox cannot. This problem is related to the "Weak Diffie-Hellman and the Logjam Attack" (https://weakdh.org/)


  1. Activity log, sequence of actions we have conducted to try and fix the problem, and things we already know: # 
1. Everything was fine
2. Firefox complained about the Weak Diffie-Hellman ephemeral key
3. Firefox can no longer access our server
4. But, Google Chrome CAN STILL access
5. Found out about "Weak Diffie-Hellman and the Logjam Attack"
   (https://weakdh.org/)
6. Tested Firefox using their website, and responded "Good News! Your browser is safe against the Logjam attack."
7. Tested Chrome using their website, and it responded that Chrome was vulnerable.
8. This explained why we could still access our server using Chrome
9. Updated Chrome to the latest version.
10. Tested Chrome using weakdh.org, and responded "Good News! Your
    browser is safe against the Logjam attack."
11. Tried accessing our site using Chrome, and it has the same error
    with Firefox.
12. Both Chrome and Firefox can no longer access the site at this
    point.
13. We followed the instruction located at
    https://weakdh.org/sysadmin.html for Apache Tomcat servers.

`ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"` 

14. Fix did not work both for Chrome and Firefox, still the same error.
15. We followed the instruction at
    http://stackoverflow.com/questions/30931692/diffie-hellman-public-key-error-with-tomcat-7

`ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"` 

16. Fix WORKED for Chrome BUT NOT for Firefox.
17. Firefox has error code: ssl_error_bad_cert_alert
18. We experimented on lesser number of ciphers but none worked
19. `ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"`
20. Same error for Firefox, still OK for Chrome.


  1. **TECHNICAL DETAILS** #
    1. Certificate: ## 
   Signature algorithm: sha256RSA
   Signature hash algorithm: sha256
   Public key: RSA (2048 Bits)
   Thumbprint algorithm: sha1
    1. Environment: ## 
   Apache Tomcat 6.0
   Java 1.6.0_34
    1. Current server configuration: ## 
   <Connector port="443" SSLEnabled="true" maxThreads="150" scheme="https" 
   secure="true" clientAuth="true" sslProtocol="TLS" 
   keystoreFile="********.pfx" 
   keystoreType="PKCS12" 
   keystorePass="********" 
   ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>
# Problem: # We have difficulty trying to connect to our server using a browser. Google Chrome can connect, but Mozilla Firefox cannot. This problem is related to the "Weak Diffie-Hellman and the Logjam Attack" (https://weakdh.org/) # Activity log, sequence of actions we have conducted to try and fix the problem, and things we already know: # 1. Everything was fine 2. Firefox complained about the Weak Diffie-Hellman ephemeral key 3. Firefox can no longer access our server 4. But, Google Chrome CAN STILL access 5. Found out about "Weak Diffie-Hellman and the Logjam Attack" (https://weakdh.org/) 6. Tested Firefox using their website, and responded "Good News! Your browser is safe against the Logjam attack." 7. Tested Chrome using their website, and it responded that Chrome was vulnerable. 8. This explained why we could still access our server using Chrome 9. Updated Chrome to the latest version. 10. Tested Chrome using weakdh.org, and responded "Good News! Your browser is safe against the Logjam attack." 11. Tried accessing our site using Chrome, and it has the same error with Firefox. 12. Both Chrome and Firefox can no longer access the site at this point. 13. We followed the instruction located at https://weakdh.org/sysadmin.html for Apache Tomcat servers. `ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"` 14. Fix did not work both for Chrome and Firefox, still the same error. 15. We followed the instruction at http://stackoverflow.com/questions/30931692/diffie-hellman-public-key-error-with-tomcat-7 `ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"` 16. Fix WORKED for Chrome BUT NOT for Firefox. 17. Firefox has error code: ssl_error_bad_cert_alert 18. We experimented on lesser number of ciphers but none worked 19. `ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"` 20. Same error for Firefox, still OK for Chrome. # **TECHNICAL DETAILS** # ## Certificate: ## Signature algorithm: sha256RSA Signature hash algorithm: sha256 Public key: RSA (2048 Bits) Thumbprint algorithm: sha1 ## Environment: ## Apache Tomcat 6.0 Java 1.6.0_34 ## Current server configuration: ## <Connector port="443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="********.pfx" keystoreType="PKCS12" keystorePass="********" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>

Όλες οι απαντήσεις (4)

FredMcD
FredMcD
more options

You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Type about:preferences#advanced<Enter> in the address bar.

Under Advanced, Select Network. Look for Configure How Firefox Connects and press the Settings button. If you are using a proxy, make sure those settings are correct. If there is no proxy, first use No Proxy. If there is a problem, then try System Proxy.

Some problems occurs when your Internet security program was set to trust the previous version of Firefox, but no longer recognizes your updated version as trusted. Now how to fix the problem: To allow Firefox to connect to the Internet again;

  • Make sure your Internet security software is up-to-date (i.e. you are running the latest version).
  • Remove Firefox from your program's list of trusted or recognized programs. For detailed instructions, see

Configure firewalls so that Firefox can access the Internet. {web link}

As a test, disable your protection programs.

Start Firefox in Safe Mode {web Link} by holding down the <Shift>
(Mac Options) key, and then starting Firefox. Is the problem still there?

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Can you post a link to your website so we can check what is happening?

Does it work if you add the domain to the whitelist pref?

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).

You can toggle these prefs to false on the about:config page to disable the cipher suites that are involved with the Logjam vulnerability in case they are currently enabled.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
VicCebedo
VicCebedo Ιδιοκτήτης ερώτησης
more options

FredMcD said

You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article. Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Type about:preferences#advanced<Enter> in the address bar.

Under Advanced, Select Network. Look for Configure How Firefox Connects and press the Settings button. If you are using a proxy, make sure those settings are correct. If there is no proxy, first use No Proxy. If there is a problem, then try System Proxy.

Some problems occurs when your Internet security program was set to trust the previous version of Firefox, but no longer recognizes your updated version as trusted. Now how to fix the problem: To allow Firefox to connect to the Internet again;

  • Make sure your Internet security software is up-to-date (i.e. you are running the latest version).
  • Remove Firefox from your program's list of trusted or recognized programs. For detailed instructions, see

Configure firewalls so that Firefox can access the Internet. {web link}

As a test, disable your protection programs.

Start Firefox in Safe Mode {web Link} by holding down the <Shift>
(Mac Options) key, and then starting Firefox. Is the problem still there?

1.) Malwares may not be the cause since this problem is affecting all our clients. 2.) We do not have a proxy. However, I've tried some proxy settings and all attempts did not work. 3.) I'm running the latest firefox. 4.) I think this would not be an issue regarding firewalls since I can access other websites. 5.) I tried also running in Safe Mode and the issue is still there.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

So just to summarize, the current situation is:

(1) Server passes logjam tests (2) Chrome connects (3) Firefox gives ssl_error_bad_cert_alert error

That's actually a very rare error on this forum and most of the posts relate to an issue with a client certificate accessing AKO mail, so that may not be relevant to your situation: https://support.mozilla.org/search/advanced?a=1&q=ssl_error_bad_cert_alert&sortby=1&w=2