Avatar for Username

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Learn More

Wątek został zarchiwizowany. Jeśli potrzebujesz pomocy, zadaj nowe pytanie.

Can't connect to internal network device using SSL (ffx 39)

  • 5 odpowiedzi
  • 23 osoby mają ten problem
  • 16 wyświetleń
  • Ostatnia odpowiedź od LadelleIT

LadelleIT
LadelleIT
more options

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key .

Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0

This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this.

The devices are D-Link DFL-800 (VPN Firewall).

This is happening on Win7 & Win8 machines also.

Is there anyway to access these?

I tried to upload an image but it times out.

Brian

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key . Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0 This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this. The devices are D-Link DFL-800 (VPN Firewall). This is happening on Win7 & Win8 machines also. Is there anyway to access these? I tried to upload an image but it times out. Brian

Wszystkie odpowiedzi (5)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I'm not sure if you can still make Firefox use SSL3 (security.tls.version.min = 0) in the current release or that this has been removed.

It is possible that used cipher suites have been disabled. Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

LadelleIT
LadelleIT Zadający pytanie
more options

I have tried toggling all the security.ssl3 options but no combination works.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

There is this bug, so it looks that you are out of luck.

Note that it is better to add a host to a whitelist pref instead of disabling this feature.

  • security.tls.insecure_fallback_hosts
  • security.tls.unrestricted_rc4_fallback

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).

LadelleIT
LadelleIT Zadający pytanie
more options

I had already tried security.tls.insecure_fallback_hosts without success.

Brian

LadelleIT
LadelleIT Zadający pytanie
more options

And it is also impacting our Dell Openmanage access https://server:1311 .