X
Tap here to go to the mobile version of the site.

Support Forum

Following the upgrade to 34.0.5, I can no longer access web pages of our SAN, airco, vSphere Web Clients, etc. How can I correct this?

Posted

Following upgrade to 34.05, can no longer access web pages of the SAN management interface, the airco system, the vSphere Web Client, etc. All still work in Chrome.

The airco system gives an error:

   Firefox cannot guarantee the safety of your data on 10.32.16.50 because it uses SSLv3, a broken security protocol.
   Advanced info: ssl_error_no_cypher_overlap

The SAN management interface and vSphere Web Clients display an empty page. Not sure whether these also have problems due to SSLv3.

I understand you wanting to be cautious, but I seriously doubt I need to face an attack from our SAN. Please, at least give us an option to connect regardless.

Following upgrade to 34.05, can no longer access web pages of the SAN management interface, the airco system, the vSphere Web Client, etc. All still work in Chrome. The airco system gives an error: Firefox cannot guarantee the safety of your data on 10.32.16.50 because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap The SAN management interface and vSphere Web Clients display an empty page. Not sure whether these also have problems due to SSLv3. I understand you wanting to be cautious, but I seriously doubt I need to face an attack from our SAN. Please, at least give us an option to connect regardless.

Chosen solution

unfortunately it's not possible so set this preference selectively - with the internal firefox preference mentioned before, you can only enable or disable the weak protocol globally.

Read this answer in context 6

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36

More Information

philipp
  • Top 10 Contributor
  • Moderator
4800 solutions 21313 answers

Helpful Reply

hello, ssl 3.0 is disabled in firefox versions 34 & upwards by default - if you want to re-enable it you can do that like this which will make you vulnerable to the recently published poodle attack though: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it, change its value to 0 and restart the browser.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

hello, ssl 3.0 is disabled in firefox versions 34 & upwards by default - if you want to re-enable it you can do that like this which will make you vulnerable to the recently published poodle attack though: enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''security.tls.version.min'''. double-click it, change its value to '''0''' and restart the browser. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Helpful Reply

Thanks for your prompt reply.

Is there a way to disable ssl3.0 by default and only enable it for well-specified connections, such as internal systems you know to be safe?

Thanks for your prompt reply. Is there a way to disable ssl3.0 by default and only enable it for well-specified connections, such as internal systems you know to be safe?
philipp
  • Top 10 Contributor
  • Moderator
4800 solutions 21313 answers

Chosen Solution

unfortunately it's not possible so set this preference selectively - with the internal firefox preference mentioned before, you can only enable or disable the weak protocol globally.

unfortunately it's not possible so set this preference selectively - with the internal firefox preference mentioned before, you can only enable or disable the weak protocol globally.

Question owner

Not the answer I was hoping for, but probably the best possible solution at this time.

Thanks for your assistance, Philip.

Not the answer I was hoping for, but probably the best possible solution at this time. Thanks for your assistance, Philip.
DubStep 0 solutions 2 answers

There has to be something related to FireFox here. I simply disabled SSL v3 on a webserver of mine and this error message is displayed, saying SSLv3 is enabled, when it clearly isn't. I have verified it is not enabled, both visually, and also using this link https://www.ssllabs.com/ssltest/

I know it is off, yet FireFox displays the message: Firefox cannot guarantee the safety of your data on my.website.here because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap

What I haven't done is disable SSL2, but all of the ciphers are disabled, so that shouldn't matter. The only protocol I have it configured to support right now is TLS 1.2, since all of my clients using it have browsers that support it. It sounds to me FireFox is detecting SSLv3 incorrectly.

There has to be something related to FireFox here. I simply disabled SSL v3 on a webserver of mine and this error message is displayed, saying SSLv3 is enabled, when it clearly isn't. I have verified it is not enabled, both visually, and also using this link https://www.ssllabs.com/ssltest/ I know it is off, yet FireFox displays the message: Firefox cannot guarantee the safety of your data on my.website.here because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap What I haven't done is disable SSL2, but all of the ciphers are disabled, so that shouldn't matter. The only protocol I have it configured to support right now is TLS 1.2, since all of my clients using it have browsers that support it. It sounds to me FireFox is detecting SSLv3 incorrectly.
DubStep 0 solutions 2 answers

DubStep said

There has to be something related to FireFox here. I simply disabled SSL v3 on a webserver of mine and this error message is displayed, saying SSLv3 is enabled, when it clearly isn't. I have verified it is not enabled, both visually, and also using this link https://www.ssllabs.com/ssltest/ I know it is off, yet FireFox displays the message: Firefox cannot guarantee the safety of your data on my.website.here because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap What I haven't done is disable SSL2, but all of the ciphers are disabled, so that shouldn't matter. The only protocol I have it configured to support right now is TLS 1.2, since all of my clients using it have browsers that support it. It sounds to me FireFox is detecting SSLv3 incorrectly.

Actually check that...SSLv2 is disabled by default, so me explicitly including that line is redundant. If I turn on SSLv3 and also lower the minimum TLS version, Firefox 34.0.5 works. If I turn it off, Firefox ceases to work. Chrome still works fine with TLS 1.2. Even freaking Internet Explorer 11 works fine. Firefox is the only one with the issue. Something tells me it's ciphers, but I used the modern and intermediate settings here https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 and it didn't make a difference, other than changing the rating on my Qualys scan. My site support the ciphers below. Does Firefox not work with any of these?

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256

''DubStep [[#answer-666715|said]]'' <blockquote> There has to be something related to FireFox here. I simply disabled SSL v3 on a webserver of mine and this error message is displayed, saying SSLv3 is enabled, when it clearly isn't. I have verified it is not enabled, both visually, and also using this link https://www.ssllabs.com/ssltest/ I know it is off, yet FireFox displays the message: Firefox cannot guarantee the safety of your data on my.website.here because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap What I haven't done is disable SSL2, but all of the ciphers are disabled, so that shouldn't matter. The only protocol I have it configured to support right now is TLS 1.2, since all of my clients using it have browsers that support it. It sounds to me FireFox is detecting SSLv3 incorrectly. </blockquote> Actually check that...SSLv2 is disabled by default, so me explicitly including that line is redundant. If I turn on SSLv3 and also lower the minimum TLS version, Firefox 34.0.5 works. If I turn it off, Firefox ceases to work. Chrome still works fine with TLS 1.2. Even freaking Internet Explorer 11 works fine. Firefox is the only one with the issue. Something tells me it's ciphers, but I used the modern and intermediate settings here https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 and it didn't make a difference, other than changing the rating on my Qualys scan. My site support the ciphers below. Does Firefox not work with any of these? TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256