X
Πατήστε εδώ για μετάβαση στην έκδοση της ιστοσελίδας για κινητές συσκευές.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Φόρουμ υποστήριξης

Mozilla Firefox does not work when disabling the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Δημοσιεύτηκε

Dear Mozilla team,

We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work.

Do you have any ideas on how to solve this?

Dear Mozilla team, We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work. Do you have any ideas on how to solve this?
Παράθεση

Επιπρόσθετες λεπτομέρειες συστήματος

Εφαρμογή

  • Πλατφόρμα χρήστη: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363

Περισσότερες πληροφορίες

cor-el
  • Top 10 Contributor
  • Moderator
17857 λύσεις 161589 απαντήσεις
Δημοσιεύτηκε

You can check the server.

You can check your browser for compatible cipher suites.

You can check the server. *https://www.ssllabs.com/ssltest/ You can check your browser for compatible cipher suites. *https://www.ssllabs.com/ssltest/viewMyClient.html
Σάς φάνηκε χρήσιμο;
Παράθεση
Δημοσιεύτηκε

Ιδιοκτήτης ερώτησης

Thanks, but unfortunately we`ve checked it and it didn't work.

Screenshot 1 shows that system didn't work with Mozilla browser Screenshot 2 shows that after we opened SHA1 Mozilla works with old keys that need to be changed and all other browsers work on new keys.

We have other sets but Mozilla also didn't work with them.

Do you have any other ideas on how to solve this?

Thanks, but unfortunately we`ve checked it and it didn't work. Screenshot 1 shows that system didn't work with Mozilla browser Screenshot 2 shows that after we opened SHA1 Mozilla works with old keys that need to be changed and all other browsers work on new keys. We have other sets but Mozilla also didn't work with them. Do you have any other ideas on how to solve this?
Σάς φάνηκε χρήσιμο;
Παράθεση
dkeeler 0 λύσεις 8 απαντήσεις
Δημοσιεύτηκε

What cipher suites does your server enable?

What cipher suites does your server enable?
Σάς φάνηκε χρήσιμο;
Παράθεση
Δημοσιεύτηκε

Ιδιοκτήτης ερώτησης

Hi, @dkeeler We use those

Hi, @dkeeler We use those
Σάς φάνηκε χρήσιμο;
Παράθεση
cor-el
  • Top 10 Contributor
  • Moderator
17857 λύσεις 161589 απαντήσεις
Δημοσιεύτηκε

I think that what dkeeler means is a full list of cipher suites that are enabled on the server. I sounds that you only have this single cipher suite enabled that Firefox supports and other enabled cipher suites aren't supported by Firefox.

See also:

I think that what dkeeler means is a full list of cipher suites that are enabled on the server. I sounds that you only have this single cipher suite enabled that Firefox supports and other enabled cipher suites aren't supported by Firefox. See also: *https://observatory.mozilla.org/analyze.html?host=

Τροποποιήθηκε στις από το χρήστη cor-el

Σάς φάνηκε χρήσιμο;
Παράθεση
jscher2000
  • Top 10 Contributor
8953 λύσεις 73374 απαντήσεις
Δημοσιεύτηκε

I think it is a little confusing to refer to encryption ciphers as keys. Your private key is used to generate your SSL certificate, and you can change that key and generate new certificates without disabling any ciphers.

I think it is a little confusing to refer to encryption ''ciphers'' as ''keys''. Your private key is used to generate your SSL certificate, and you can change that key and generate new certificates without disabling any ciphers.
Σάς φάνηκε χρήσιμο;
Παράθεση
dkeeler 0 λύσεις 8 απαντήσεις
Δημοσιεύτηκε

Hi Yulyan, if I'm understanding what you're indicating correctly, your server does enable at least one cipher suite that Firefox enables. Can you open a new bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM with as much detail as you can include? Thanks!

Hi Yulyan, if I'm understanding what you're indicating correctly, your server does enable at least one cipher suite that Firefox enables. Can you open a new bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM with as much detail as you can include? Thanks!
Σάς φάνηκε χρήσιμο;
Παράθεση
Κάντε μια ερώτηση

Πρέπει να συνδεθείτε στο λογαριασμό σας για να απαντήσετε στις δημοσιεύσεις. Παρακαλούμε ξεκινήστε μια νέα ερώτηση, αν δεν έχετε ήδη λογαριασμό.