Support Forum

Is there an add-on that supports old security levels

I find it frustrating every time the browser knows more about what's best for me than I do. My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.

A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).

The easy answer, of course, is to call up HP and tell them to rewrite the console code - or tell the system owner to toss out his servers and buy new ones .... and of course, learn never EVER to buy a Tripp Lite product.

But what I'd really like is an option ... a software configuration in some browser ... I'd call it the "pull_the_stick_from_your_butt_and_let_me_do_what_I_want_to_do" mode

I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.

Does any such software or add-on exist?


Additional System Details

Installed Plug-ins

  • Shockwave Flash 19.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

jscher2000
  • Top 10 Contributor
8573 solutions 70108 answers

dbdata said

> My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.

Firefox allows exceptions for expired certificates, if that is the problem. Click the Advanced button on the error page to get a more specific diagnosis.

> A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).

If Firefox no longer supports a particular protocol (such as SSL version 3.0) or a particular cipher, an add-on can't add that back to Firefox because the secure connection setup runs before an add-on could step in. Instead, you can use a proxy or "man in the middle" which accepts a more secure connection from Firefox and then makes a less secure connection to your device. I have never researched that in detail, but have seen it mentioned on other forums.

> I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.

True dat. The spoofing is performed by an adversary who wants to capture your credentials. The point of a secure connection method and valid certificate is to have confidence about what server you are actually communicating with.


Question owner

As far as I can tell - a valid SSL certificate tells you that my check cleared Thawte's bank. It doesn't seem to make me less nefarious.

But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

As far as not supporting older versions of SSL - this is once again developers sitting in their offices, working on Windows 12 and Linux 8.0 boxes running 300 Ghz cpus each with 3000 Tb memory - deciding what is and is not "safe" for me to do.

I'll see about a proxy - but it would be SO easy if someone would pull the stick outta their cache and let the people do what the people want to do.

We're busy converting web sites from http to https because "they" have decided that videos of kittens should be encrypted before downloading and "they" will no longer support http {sigh}

jscher2000
  • Top 10 Contributor
8573 solutions 70108 answers

dbdata said

> But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

What error page are you getting and does it have an Advanced button that leads to the ability to make an exception? How many clicks are really required? Let's get specific here.


Question owner

No -- this is a dead-in-the-water issue

Secure Connection Failed

An error occurred during a connection to 10.0.0.201. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

cor-el
  • Top 10 Contributor
  • Moderator
17336 solutions 156744 answers

You can check the server.

  • https://www.ssllabs.com/ssltest/

You can check your browser.

  • https://www.ssllabs.com/ssltest/viewMyClient.html
jscher2000
  • Top 10 Contributor
8573 solutions 70108 answers

dbdata said

> Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Okay, then it is not an issue of an out-of-date certificate, it is the configuration of the webserver in the device. If the device software cannot be updated, then you would need a proxy server to connect using Firefox.

Can you use Internet Explorer 11 to manage the device?

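Added example, not part of the original thread or any poster's code: a hosted server test cannot reach a private address such as 10.0.0.201, so this local probe pins one handshake to each TLS version and reports what the device negotiates, which is what SSL_ERROR_NO_CYPHER_OVERLAP leaves unanswered. The function names and port 443 are this example's assumptions.

```python
import socket
import ssl

# Versions to try, oldest first. SSLv3 is left out: most current OpenSSL
# builds are compiled without it, so Python cannot offer it.
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def probe_version(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single version; return (status, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: we are listing what the device negotiates, not trusting it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        # Offer every cipher the local OpenSSL still has. Security level 0 is
        # also what lets OpenSSL 3.x attempt TLS 1.0/1.1 at all.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except (ValueError, ssl.SSLError) as exc:
        return ("unsupported-locally", str(exc))
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    with raw:
        try:
            with ctx.wrap_socket(raw) as tls:
                name, proto, bits = tls.cipher()
                return ("ok", f"{proto} {name} ({bits} bits)")
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return ("handshake-failed", getattr(exc, "reason", None) or str(exc))


def probe(host, port=443):
    """Map each version label to the (status, detail) of its handshake."""
    return {label: probe_version(host, port, v) for label, v in VERSIONS}


if __name__ == "__main__":
    for label, (status, detail) in probe("10.0.0.201").items():
        print(f"{label:8} {status:20} {detail}")
```

If only the TLSv1.0 row comes back `ok`, its detail column names the legacy suite a fronting proxy would have to speak to the device. `handshake-failed` on every row points to SSLv3 or a cipher the local OpenSSL has also dropped.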