Showing questions for topic:
  • Encryption

Firefox intermittently failing Cloudflare PQC X25519MLKEM768 test

Hello,

I have been testing all browsers I use (Firefox, Chrome, Edge) on Cloudflare Post-Quantum Key Agreement to verify PQC support. They all support the X25519MLKEM768 hybrid scheme (i.e. Cloudflare web page returns "You are using X25519MLKEM768 which is post-quantum secure").

The issue: When I run the test in Firefox multiple times by doing repeated hard refreshes (Ctrl+Shift+R), quite often the result is "You are using X25519 which is not post-quantum secure". Sometimes the very first run after opening Firefox gives the X25519 (failing) result. "Often" varies. Sometimes it's around 10 fails out of 50 tests, other times it's 1 out of 50. It seems random.

I have read that sometimes networking equipment or even ISPs can be the cause of PQC requests falling back to non-PQC due to the long keys in PQC, but I do not see this intermittent issue with Chrome or Edge on the same computer/network/ISP as Firefox. I have not seen a single failure so far on those two browsers. The only variable I am aware of is the web browser.

I also tried connecting to a cellular hotspot as well as disabling my Norton 360 firewall and the results are the same as above.

Looking for help to resolve this issue. Thanks.

Open

lock exception button for dnsoverhttps.

Hi, I'm using a policy file to force a family-dns. I've written the current code down below. Unfortunately this leaves the "manage exception"-button open, where it's possible to simply bypass the block for a specific site. Is there a way to lock this button in the policy file? Thank you very much.

{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "Locked": true,
      "ProviderURL": "https://doh16.jusprogdns.com/dns-query"
    },
    "Preferences": {
      "network.trr.mode": {
        "Value": 3,
        "Status": "locked"
      }
    }
  }
}

Open 1

when/why did mozilla quit putting https:// in the address bar?

Using FF 140.10.1 esr on a windows pc I noticed (probably long after the fact and numerous updates) that there's no longer https:// in the address bar. Having some recent issues with security made me look for this.

When I switched to Edge, the https:// was in the addresses I was using. There is a lock symbol, but the locks seem to change in their appearance from one browser or website to the next.

Was this verification sign removed and, if so, why?  

Thank you.

Open 2 27

Can't use mTLS with API endpoints

Recently I set up mTLS on my admin endpoint. I tried entering it as an API on the other website, and in Firefox it wouldn't work. But if I'd try to access endpoint directly it would work, and even save my certificate choice. In Chrome, everything works just fine with both direct and API access. It is not a problem of a website, nor the problem of the OPTIONS preflight, since both of those are configured correctly on my nginx.

Open 9

Request to enable X25519MLKEM768 on detectportal.firefox.com for improved privacy

Dear Mozilla Team,

I kindly ask you to add support for the X25519MLKEM768 hybrid post-quantum key exchange to the domain detectportal.firefox.com (the URL used by Firefox connection testing). This small change would significantly strengthen privacy protection for millions of users who rely on Firefox's connection test URL. As you know, this mechanism has already been successfully implemented on almost all of your other domains. Extending the same protection to detectportal.firefox.com would ensure consistency and close the remaining gap. Thank you very much for your ongoing work on privacy and post-quantum cryptography. I would greatly appreciate your attention to this request. Best regards, Anonymous

Open 2 27

Firefox is driving me crazy by "upgrading" 'http' URLs to 'https'

Hi there.

Since quite a while Firefox is trying to enhance our browsing security by "upgrading" connections from "http" to "https." This may generally be a good idea, but it is literally driving me crazy at the moment because it also does so for "internal" sites I host within my LAN (such as my "Home Assistant" instance or a Zigbee coordinator, accessible via its own hostname and web UI). However, these connections will fail, because I don't have certificates for my internal hosts, and thus there is no "https" listener. :-(

(I use my own subdomain "<host>.city.internal.example.org" internally, so Firefox may be confused?)

I feel this behavior has become "more aggressive" within the last few days, so maybe it is due to a Firefox update?

Is there a bullet-proof way to prevent Firefox from doing so?

I've already set the below options to false:

- dom.security.https_first
- dom.security.https_first_for_custom_ports
- dom.security.https_first_for_local_addresses
- dom.security.https_first_for_unknown_suffixes
- dom.security.https_first_pbm
- dom.security.https_first_schemeless
- dom.security.https_only_mode
- dom.security.https_only_mode.upgrade_local
- dom.security.https_only_mode_pbm

Help, please!

I'm close to abandoning Firefox in favor of a different browser, because at the moment it's close to being unusable for me anymore... :-(

Kind regards,

Ralf

Open 45

Failed to create the PKCS 12 backup file for unknown reasons

Hello Folks, I just imported a new certificate. Then I wanted to save all my certificates for backup. Selecting "Backup all...", I enter a secure password and click OK, just to get the following error message: "Failed to create the PKCS #12 backup file for unknown reasons". The only button is "OK".

How can I start finding out what is going on and is there any means to save my certificates?

Open 2 99

CIRA DNS over HTTPS does not work

Using firefox 148, when I select the "CIRA Canadian shield" DNS over HTTPS option it does not work. If I select the other 2 options Cloudflare or NextDNS those options work.

What is the problem with DOH for CIRA option ?

Open 144

Be nice and be specific. Our volunteers are Mozilla users just like you who give their own time to help. Telling us “YouTube videos are always choppy” is much more helpful than “something is broken”.

    1. Summary of the selection
      1. Overview

The selected fragment contains **a chain of three X.509 TLS certificates** (PEM format), as well as the time marker **"5–7 minutes"** (probably a validity period or page context).

---

      1. Certificate 1 — End-Entity

- **Subject:** `accounts.firefox.com`
- **Issued by:** Let's Encrypt (R13)
- **Valid:** 15.02.2026 — 16.05.2026
- **Type:** TLS server certificate (Domain Validated)
- **Algorithm:** RSA 2048 / SHA-256

---

      1. Certificate 2 — Intermediate CA

- **Subject:** `R13` (Let's Encrypt)
- **Issued by:** ISRG Root X1
- **Valid:** 13.03.2024 — 12.03.2027
- **Purpose:** Signing Let's Encrypt end-entity certificates

---

      1. Certificate 3 — Root CA

- **Subject:** `ISRG Root X1` (Internet Security Research Group)
- **Valid:** 04.06.2015 — 04.06.2035
- **Purpose:** Trusted root certificate authority; self-signed

---

      1. Conclusion

Full chain of trust: `accounts.firefox.com` → `Let's Encrypt R13` → `ISRG Root X1`

Open 162

i couldn't access my openai account on firefox as it says "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

Secure Connection Failed

An error occurred during a connection to chatgpt.com. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more… This is what it says when I try to access.

Open 2 162

Cannot access my broadband router using Firefox?

My broadband router's set IP address is not secure as it's HTTP. What is the solution to enable me to access my home router via Wi-Fi in the same location, which of course is at home?

Open 1 378

Is a PQC algorithm for session key sharing supported by Firefox?

Hello everyone,

I am using Firefox latest release (eg 145.0.1).

At https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/ , it seems that X25519MLKEM768 is supported since Firefox 132. Do you confirm ?

I ask this question because when I am connecting to https://pq.cloudflareresearch.com/ and activate the network tab before reaching this URL, and looked at the security tab on the right bottom panel, as you can see in the screenshot attached, in the Exchange group keys, I see x25519 and not x25519mlkem768 meaning that Firefox is not PQC ready for key establishment :-(

Best Regards.

Solved 1 1 243

HTTPS no longer appears in Firefox address bar but it does appear in Edge

Hi, I used to see the HTTPS designation in the Firefox address bar, but no longer see it lately. It does appear in the Edge address bar.

I do appreciate your help.

Open 1 126

My mobile package site shows mixed-content warnings on Firefox — how can I fix this?

My mobile package site shows mixed-content warnings on Firefox — how can I fix this? Hello everyone, I run a website, which provides information about mobile phone prices and SIM packages in Bangladesh. Recently, I noticed that when users visit some pages in Firefox, the browser shows a “mixed-content” warning or blocks certain scripts. The same pages load fine in Chrome. All my URLs use HTTPS, and I’m using a LiteSpeed server with Cloudflare CDN. Could this issue be related to how Firefox handles external resources (like embedded operator banners or analytics scripts)? What’s the best way to debug and fix mixed-content problems in Firefox Developer Tools? Any detailed guidance or best practices would be greatly appreciated. Thanks in advance!

Archived 1 252

Security block on Firefox attempt to reach Pittsburgh Pirates

I am using Firefox version 140.4.0esr (64bit) Only on Firefox: when trying to connect with Pirates' web page, I have a block which reads:

Security Connection Failed - no common encryption algorithms. Error Code: ssl_error_no_cypher overlap

To The Official Site of The Pittsburgh Pirates/pirates.com:Homepage

I have tried to contact them with no luck.

Can you help?

Thanks,

David Martin ([edited email from public community support forum])

Archived 1 243