X
Tap here to go to the mobile version of the site.

Support Forum

Mozilla Firefox v. 40 and later, Google, mail.ru, Yandex, Rambler and etc. and ssl v3

Posted

In this screen shot shows the settings for SSL v3 browser Firefox v. 40. As you can see it is set to «true», which means using the SSL v3 protocol in the browser. But recently (about six months ago), this protocol was declared as compromised and it was recommended not to use it in applications like cipher RC4. I was carried out a simple experiment, namely, the parameters of «true» were replaced by the option «false», t. E. I have been using this protocol is disabled in the browser Firefox v. 40. And what was my surprise when you try to open the browser's https protocol such well-known sites like Google, mail.ru, Yandex, Rambler and etc. I started to write a browser that can not connect because of the inability to use SSL, word for word: "... does not support the protocol SSL». E. Support any other version of SSL in Firefox does not. Available as options to include other versions of SSL in the browser Firefox v. 40 and now also no later! Previously, the ability to disable SSL v3 protocol present! That such "care" developers "free lunch» Mozilla from the world of Open Source on the safety of users of its browser.

edit: removed your abusive language (& also the section posted in russian, since we can't judge what niceties you have posted there). please refer to the Forum rules and guidelines! (philipp)

In this screen shot shows the settings for SSL v3 browser Firefox v. 40. As you can see it is set to «true», which means using the SSL v3 protocol in the browser. But recently (about six months ago), this protocol was declared as compromised and it was recommended not to use it in applications like cipher RC4. I was carried out a simple experiment, namely, the parameters of «true» were replaced by the option «false», t. E. I have been using this protocol is disabled in the browser Firefox v. 40. And what was my surprise when you try to open the browser's https protocol such well-known sites like Google, mail.ru, Yandex, Rambler and etc. I started to write a browser that can not connect because of the inability to use SSL, word for word: "... does not support the protocol SSL». E. Support any other version of SSL in Firefox does not. Available as options to include other versions of SSL in the browser Firefox v. 40 and now also no later! Previously, the ability to disable SSL v3 protocol present! That such "care" developers "free lunch» Mozilla from the world of Open Source on the safety of users of its browser. ''edit: removed your abusive language (& also the section posted in russian, since we can't judge what niceties you have posted there). please refer to the [[Forum rules and guidelines]]! (philipp)''
Attached screenshots

Modified by philipp

Additional System Details

Application

  • Firefox 41.0.2
  • User Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
  • Support URL: https://support.mozilla.org/1/firefox/41.0.2/Linux/ru/

Extensions

  • HTTPS-Everywhere 5.1.1 (https-everywhere-eff@eff.org)
  • NoScript 2.6.9.38 ({73a6fe31-595d-460b-a920-fcc0f8843232})
  • Ubuntu Modifications 3.2 (ubufox@ubuntu.com)
  • User Agent Switcher 0.7.3.1-signed ({e968fc70-8f95-4ab9-9e79-304de2a71ee1})

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel Open Source Technology Center -- Mesa DRI Intel(R) 965GM x86/MMX/SSE2
  • adapterDeviceID: Mesa DRI Intel(R) 965GM x86/MMX/SSE2
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: Intel Open Source Technology Center
  • driverDate:
  • driverVersion: 2.1 Mesa 11.0.2
  • info: {u'AzureContentBackend': u'cairo', u'AzureCanvasBackend': u'cairo', u'AzureFallbackCanvasBackend': u'none', u'AzureSkiaAccelerated': 0}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • supportsHardwareH264: False
  • webglRenderer: Intel Open Source Technology Center -- Mesa DRI Intel(R) 965GM x86/MMX/SSE2
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Basic

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

Helpful Reply

hello, you are mistaken - ssl 3.0 is disabled in firefox since version 34 (released in november last year): https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

the preferences you were showing have nothing to do with enabling ssl 3.0, they are there to control individual cipher suites (the naming is for historical reasons only). please right click and reset all the security prefs you have customized in about:config. then you can check firefox on sites like https://www.ssllabs.com/ssltest/viewMyClient.html & https://www.howsmyssl.com and see that your assumptions are unfounded.

hello, you are mistaken - ssl 3.0 is disabled in firefox since version 34 (released in november last year): https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ the preferences you were showing have nothing to do with enabling ssl 3.0, they are there to control individual cipher suites (the naming is for historical reasons only). please right click and reset all the security prefs you have customized in about:config. then you can check firefox on sites like https://www.ssllabs.com/ssltest/viewMyClient.html & https://www.howsmyssl.com and see that your assumptions are unfounded.

Question owner

You: "please right click and reset all the security prefs you have customized in about:config."

===============================

1. Testing spent the set, it says that you're lying! 2. All settings shown me, exhibited by default, and I have not changed! 3. Filter on "ssl" in about:config not find ssl v2. 4. On right click not found option "reset" for reset security prefs.

You: "please right click and reset all the security prefs you have customized in about:config." =========================================== 1. Testing spent the set, it says that you're lying! 2. All settings shown me, exhibited by default, and I have not changed! 3. Filter on "ssl" in about:config not find ssl v2. 4. On right click not found option "reset" for reset security prefs.

Question owner

Screen shot...

Screen shot...
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

enable javascript, because the site is telling you it won't produce a reliable result without it.

enable javascript, because the site is telling you it won't produce a reliable result without it.

Question owner

And why to use SSL and TLS has become mandatory to use JavaScript? Do you think that the safe use of JavaScript in this case?

And why to use SSL and TLS has become mandatory to use JavaScript? Do you think that the safe use of JavaScript in this case?
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

javascript isn't a mandatory precursor to use ssl/tls, but apparently it's a necessity for sites that are testing the browser's capabilities

javascript isn't a mandatory precursor to use ssl/tls, but apparently it's a necessity for sites that are testing the browser's capabilities