dbdata said

My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.

Firefox allows exceptions for expired certificates, if that is the problem. Click the Advanced button on the error page to get a more specific diagnosis.

A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).

If Firefox no longer supports a particular protocol (such as SSL version 3.0) or a particular cipher, an add-on can't add that back to Firefox because the secure connection setup runs before an add-on could step in. Instead, you can use a proxy or "man in the middle" which accepts a more secure connection from Firefox and then makes a less secure connection to your device. I have never researched that in detail, but have seen it mentioned on other forums.

I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.

True dat. The spoofing is performed by an adversary who wants to capture your credentials. The point of a secure connection method and valid certificate is to have confidence about what server you are actually communicating with.

As far as I can tell - a valid SSL certificate tells you that my check cleared Thawte's bank. It doesn't seem to make me less nefarious.

But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

As far as not supporting older version of SSL - this is once again developers sitting in their offices, working on Windows 12 and Linux 8.0 boxes running 300 Ghz cpus each with 3000 Tb memory - deciding what is and is not "safe" for me to do.

I'll see about a proxy - but it would be SO easy is someone would pull the stick outta their cache and let the people do what the people want to do.

We're busy converting web sites from http to https because "they" have decided that videos of kittens should be encrypted before downloading and "they" will no longer support http {sigh}

dbdata said

But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.

What error page are you getting and does it have an Advanced button that leads to the ability to make an exception? How many clicks are really required? Let's get specific here.

No -- this is a dead-in-the-water issue

Secure Connection Failed

An error occurred during a connection to 10.0.0.201. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

You can check the server.

• https://www.ssllabs.com/ssltest/

You can check your browser.

• https://www.ssllabs.com/ssltest/viewMyClient.html

dbdata said

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Okay, then it is not an issue of an out-of-date certificate, it is the configuration of the webserver in the device. If the device software cannot be updated, then you would need a proxy server to connect using Firefox.

Can you use Internet Explorer 11 to manage the device?