X
Tap here to go to the mobile version of the site.

Support Forum

SSL Certificate problems after update to Firefox 36

Posted

Since updating firefox to version 36, all 2048 bit SSL certificates for our client websites are no longer functioning and have the exclamation mark on the address bar. All previous versions of firefox are fine with the site. The site is chancerygroupplc.co.uk.

Any suggestions?

Since updating firefox to version 36, all 2048 bit SSL certificates for our client websites are no longer functioning and have the exclamation mark on the address bar. All previous versions of firefox are fine with the site. The site is chancerygroupplc.co.uk. Any suggestions?

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape "9.4.0"
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.0
  • A plugin to detect whether the Adobe Creative Cloud is installed on this machine.v_2_0_0_0
  • DivX OVS Helper Plug-in
  • DivX Web Player version 2.1.0.900
  • 1.122.0
  • 0.70.4
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 10.10.2 for Mozilla browsers
  • BlackBerry WebSL Browser Plug-In
  • RealJukebox Netscape Plugin
  • 12.0.1.609
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • Shockwave Flash 13.0 r0
  • Adobe Shockwave for Director Netscape plug-in, version 11.5.9.615
  • 4.1.10329.0
  • NPWLPG
  • Yahoo Application State Plugin version 1.0.0.7
  • iTunes Detector Plug-in

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0

More Information

curtisa 18 solutions 124 answers

Your issue seems a bit more complicated and requires more investigation. We're currently looking into it and we'll get back to you with more details ASAP. Please understand that escalations can take up to 72 hours for a response, but no longer.

Your issue seems a bit more complicated and requires more investigation. We're currently looking into it and we'll get back to you with more details ASAP. Please understand that escalations can take up to 72 hours for a response, but no longer.
guigs 1072 solutions 11697 answers

SHA 256? More information on this type of encryption:

The proposed maintenance:

If we cannot investigate there is a mailing list https://www.mozilla.org/en-US/about/f.../#dev-security-policy

SHA 256? More information on this type of encryption: *[https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/] The proposed maintenance: * [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Mozilla governance Security Group] If we cannot investigate there is a mailing list [https://www.mozilla.org/en-US/about/forums/#dev-security-policy]

Modified by guigs

John99 971 solutions 13138 answers

I can not even access chancerygroupplc.co.uk from developer edition.

Running a check on the site using

I see that it is using RC4 which is broken since 2013 See for instance

The site does work using Firefox Release, IE & Chrome. I discover the site appears to be used for secure collection of debts !!

I can not even access chancerygroupplc.co.uk from developer edition. Running a check on the site using * https://www.ssllabs.com/ssltest/analyze.html?d=chancerygroupplc.co.uk I see that it is using RC4 which is broken since 2013 See for instance * https://blog.mozilla.org/security/2013/11/12/navigating-tls/ ** https://wiki.mozilla.org/Security/Server_Side_TLS#RC4_weaknesses *https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what? * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 The site does work using Firefox Release, IE & Chrome. I discover the site appears to be used for secure collection of debts !!
John99 971 solutions 13138 answers

P.S. I note it is now a standards RFC https://tools.ietf.org/html/rfc7465

February 2015
Prohibiting RC4 Cipher Suites

Abstract

  This document requires that Transport Layer Security (TLS) clients
  and servers never negotiate the use of RC4 cipher suites when they
  establish connections.  This applies to all TLS versions.  This
  document updates RFCs 5246, 4346, and 2246.
P.S. I note it is now a standards RFC https://tools.ietf.org/html/rfc7465 February 2015 Prohibiting RC4 Cipher Suites Abstract This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. This applies to all TLS versions. This document updates RFCs 5246, 4346, and 2246.