Showing questions tagged: Show all questions
  • Archived

некоторые сайты начинающиеся с https отображаются некорректно

При открытии некоторых сайтов, вроде не всех, начинающихся с https не отображается вся структура и оформление сайта. Если в адресной строке у httpS стереть S , то все ста… (read more)

При открытии некоторых сайтов, вроде не всех, начинающихся с https не отображается вся структура и оформление сайта. Если в адресной строке у httpS стереть S , то все становится на свои места.... Пример прилагаю.

Asked by dogmd 5 years ago

Last reply by guigs 5 years ago

  • Archived

Can't enable TLS 1.3

I have downloaded both the Nightly and Firefox Dev Edition but non of them can enable TLS 1.3 I have use "about:config" to config the tls max version to "4" (which should… (read more)

I have downloaded both the Nightly and Firefox Dev Edition but non of them can enable TLS 1.3

I have use "about:config" to config the tls max version to "4" (which should be TLS1.3 supported) but nothing happens. I try the https://nghttp2.org:13443/ (which is TLS1.3 supported if I connect it by openssl directly).

Asked by yctung 2 years ago

Last reply by cor-el 2 years ago

  • Archived

Firefox fails to negotiate TLS on site but other browsers can

Site is https://supportfiles.emc.com Chrome and Chromium can load it. Firefox on Linux and Windows cannot. "Secure Connection Failed The connection to the server was rese… (read more)

Site is https://supportfiles.emc.com

Chrome and Chromium can load it. Firefox on Linux and Windows cannot.

"Secure Connection Failed The connection to the server was reset while the page was loading."

Chrome and Chromium can load it. Firefox on Linux and Windows cannot. I tested with Firefox that has no extensions loaded. I tried it from different networks(thinking that my IP was being blocked).

Wireshark shows that the remote server is resetting the connection.

SSL Labs test ( https://www.ssllabs.com/ssltest/analyze.html?d=supportfiles.emc.com ) shows that NONE of the Firefox browsers they test can open it:

Firefox 31.3.0 ESR / Win 7 Server closed connection Firefox 47 / Win 7 R Server closed connection Firefox 49 / XP SP3 Server closed connection Firefox 62 / Win 7 R Server closed connection

Is Firefox doing TLS negotiation in such a unique way that a remote server can be configured so as to be incompatible only with Firefox?

Asked by emwsgc 1 year ago

Last reply by Corey 'linuxmodder' Sheldon 1 year ago

Reenable TLS protocol (1.0 and 1.1) on Firefox 71 after March 2020.

Hi all, with the depreciation for TLS protocol (1.0 and 1.1) on Firefox announced at March 2020, I would like to know if it's possible to reenable those after this date ?… (read more)

Hi all, with the depreciation for TLS protocol (1.0 and 1.1) on Firefox announced at March 2020, I would like to know if it's possible to reenable those after this date ? Regards.

Asked by Julien 5 months ago

Last reply by cor-el 5 months ago

TLS handshake slow, times out after Mac Mojave update

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages… (read more)

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages!) Unlike others who have posted this issue, the same problem holds in Chrome and Safari. I have tried various fixes, including a new identity on my Mac, with no success. Last time the issue seemed to spontaneously resolve after a couple of hours and never reappeared until Mac updated again. While all this is happening, my email works fine, my husband's macbook pro (just like mine) works fine, and my iPad works fine. I have left this message on the Mac help forum, too, hoping someone will have some idea of what is happening. OS Mojave 10.14.6

Asked by sunolen 3 months ago

Last reply by cor-el 3 months ago

Mozilla Firefox does not work when disabling the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Dear Mozilla team, We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid sy… (read more)

Dear Mozilla team,

We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work.

Do you have any ideas on how to solve this?

Asked by yulyan.karpiy 2 months ago

Last reply by dkeeler 2 months ago

Is there any future plan to Block TLSv1.0 and TLSv.1.1 in Firefox ESR Browser like it is announced for the regular FIrefox Browser ?

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/ Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1 … (read more)

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/

Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1

Does latest version of Firefox ESR also blocking them ? Or any chances of blocking them in future ?

Asked by bhavana.v1 2 months ago

Last reply by philipp 2 months ago

Firefox using "TLSv1 Record Layer" possibly makes company portal inaccessible

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, s… (read more)

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, same network, etc!).

The error message I get is:

An error occurred during a connection to <hostname>. PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Somehow this sounds like a certificate verification problem, but if that was really a problem, Firefox wouldn't continue starting the TLS handshake, right? But it does...

I used Wireshark to do network traces, and I can see that after the initial "client hello" the portal web server resets the connection. When I compared the snoop to one captured for Chrome, I noticed that the "client hello" Firefox sends uses a "TLSv1 Record Layer" in the "Client Hello," while Chrome uses a "TLSv1.2 Record Layer" in the "Client Hello."

I set "security.tls.version.min" to "2" already, but that didn't help.

I later also noticed that Chrome offers two TLS_RSA_WITH_AES_xxx_GCM_SHAxxx crypto suites, while Firefox doesn't.

My guess is that one of the above observations is likely the reason why Firefox can't connect.

Does that sound plausible to you? Why the difference in the TLS record layer? Why doesn't Firefox the above cypto suites? Are they considered insecure?

(Before you ask, unfortunately I can't give the host name to our portal, sorry.)

Many thanks for your help, this is really annoying me...

Kr,

Ralf

Asked by Ralf G. R. Bergs 2 months ago

Last reply by jscher2000 2 months ago