X
Tap here to go to the mobile version of the site.

Support Forum

In Firefox version 37.0 getting Secure Connection Failed config parameter version.fallback-limit set to 3. Does this support TLS 1.0 .

Posted

In FF 37.0 getting secure connection failed connecting to a website. Works fine in previous version. Config parameter version.fallback-limit default setting is 3. In previous version the default setting was 1. Does the setting version.fallback-limit to 3 mean only TLS1.2 is supported. Any help is appreciated. Secure Connection Failed

The connection to xxxx.xxx.com was interrupted while the page was loading.

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Thx,

In FF 37.0 getting secure connection failed connecting to a website. Works fine in previous version. Config parameter version.fallback-limit default setting is 3. In previous version the default setting was 1. Does the setting version.fallback-limit to 3 mean only TLS1.2 is supported. Any help is appreciated. Secure Connection Failed The connection to xxxx.xxx.com was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Thx,

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E; rv:11.0) like Gecko

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17529 solutions 158481 answers

Helpful Reply

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the domain (full domain) to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.


See also:

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite. You can open the <b>about:config</b> page via the location/address bar and use its search bar to locate this pref: *security.tls.insecure_fallback_hosts You can double-click the line to modify the pref and add the domain (full domain) to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column. ---- See also: *https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security *https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security
jscher2000
  • Top 10 Contributor
8758 solutions 71663 answers

I think you have diagnosed the change in Firefox 37 correctly. Many web servers, for whatever reason, are configured to use TLS 1.0 and only TLS 1.0. The preference that cor-el mentioned allows you to try a site-specific exception to the general fallback rule. It should work immediately, that is, after you save the exception and reload the page, Firefox should connect using TLS 1.0 if that is the only issue.

I think you have diagnosed the change in Firefox 37 correctly. Many web servers, for whatever reason, are configured to use TLS 1.0 and only TLS 1.0. The preference that cor-el mentioned allows you to try a site-specific exception to the general fallback rule. It should work immediately, that is, after you save the exception and reload the page, Firefox should connect using TLS 1.0 if that is the only issue.

Question owner

Thanks for the reply. With the default out of the box Firefox 37 setting we will not be able to connect to sites which support TLS 1.0 only ( old web server) . Is this a correct statement. We are in the process of upgrading to TLS 1.2.

Thanks,

Thanks for the reply. With the default out of the box Firefox 37 setting we will not be able to connect to sites which support TLS 1.0 only ( old web server) . Is this a correct statement. We are in the process of upgrading to TLS 1.2. Thanks,
jscher2000
  • Top 10 Contributor
8758 solutions 71663 answers

That is how it looks to me so far.

That is how it looks to me so far.
cor-el
  • Top 10 Contributor
  • Moderator
17529 solutions 158481 answers
See also: *https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security *https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security