Showing questions tagged: Show all questions
  • Solved
  • Archived

Cannot disable Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 or TLS_RSA_WITH_AES_256_GCM_SHA384

Hi there, I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet. I'm using this to determine whats secure: https://browserleaks.com/ssl… (read more)

Hi there,

I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet.

I'm using this to determine whats secure: https://browserleaks.com/ssl

I cant find any option to disable these two ciphers:

0x009c TLS_RSA_WITH_AES_128_GCM_SHA256 0x009d TLS_RSA_WITH_AES_256_GCM_SHA384

Thanks :)

Asked by Reuben 1 year ago

Answered by Mike Kaply 1 year ago

  • Archived

Why does Firefox get "SecureConnectionFailed - PR_CONNECT_ABORTED_ERROR" when connecting to website that has the SHA1 hash disabled?

Security consultants have advised that cipher suites using the SHA1 hash are no longer considered secure and should not be enabled. Using the nmap tool we can identify wh… (read more)

Security consultants have advised that cipher suites using the SHA1 hash are no longer considered secure and should not be enabled.

Using the nmap tool we can identify which cipher suites use the SHA1 hash.

On our webserver, (IIS version 8.5 on Windows 2012 R2 ) if we eliminate cipher suites that contain the SHA1 hash, the Firefox browser cannot browse the site. Error displayed = Secure Connection Failed - PR_CONNECT_ABORTED_ERROR We tested versions up to Firefox ( v75.0 ).

Other browsers such as Chrome and IE have no issues browsing our site with the SHA1 hash disabled.

Once the SHA1 hash is enabled, Firefox works fine. Seeking a solution that will satisfy the security folks and our Firefox users.

Asked by SPI_help 1 year ago

Last reply by jscher2000 1 year ago