Support Forum

access to low 40-bit ciphers no longer works with Firefox 19.0

Since updating to 19.0 I have a problem accessing https servers with old, less-secure ciphers:

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

I have used about:config to set security.ssl3.rsa_rc4_40_md5;true, which is how I got this to work for older versions of Firefox. It is still set to true after update to 19.0, but access no longer works.

Additional System Details

Installed Plug-ins

  • Google Update
  • Shockwave Flash 11.6 r602
  • Next Generation Java Plug-in 10.13.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • LogMeIn, Inc. Remote Access Components
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.5
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • VLC media player Web Plugin 2.0.2
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.6.636
  • 5.1.10411.0
  • GEPlugin
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.1.629
  • Garmin Communicator Plug-In 2.9.3.0
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Zeon PDF Plugin For Mozilla
  • Office Authorization plug-in for NPAPI browsers
  • Office Plugin for Netscape Navigator

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

cor-el
  • Top 10 Contributor
  • Moderator
10779 solutions 97009 answers

That is the result of the landing of this bug:

  • bug 799007 - Remove support for low/weak/null cipher suites

(please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)

Question owner

Thanks cor-el.

I use Firefox to access the management ports of IBM pSeries p5 machines. These run a basic webserver and use https with low-security ciphers. They are not updateable to change this. Up until now, setting security.ssl3.rsa_rc4_40_md5;true has allowed me to continue to use Firefox to access these systems. With this "bug fix", actually a reduction in basic functionality, I can no longer do so. Our production servers are thus currently at risk. Any suggestions as to how I can get this necessary functionality back? Use some sort of "lite" browser just to access these management ports? As Firefox is my browser of choice, I do not want to have to permanently back-level it and expose myself to future security risks.

Helpful Reply

Having tried a few "slim" browsers, which all also no longer support 40-bit or 56-bit ciphers, I have reverted to FF 17.03esr, which works a treat.

I shall now progress this issue further with IBM.

cor-el

Helpful Reply

You can install a portable Firefox (ESR) version to access websites that do not work with the current Firefox release.