X
Нажмите здесь, чтобы перейти на мобильную версию сайта.

Форум поддержки

Cannot connect using SSLv3 to my router so as to upgrade it to use TLS

Размещено

I need to connect using SSLv3 to MY router, on MY LAN, where there is NO meaningful risk of a MITM attack. Please provide instructions for doing so.

I have read through several other questions and the non-responsive answers. The best of them recommends obtaining and installing an old Firefox version from an unknown source. This as a circumvention for an apparently unalterable correction to a security exposure that does not exist on my network. It is quite unacceptable to be told that to work around a correction to a known potential vulnerability that does not exist I must install a large single purpose program that exposes not only that vulnerability but probably a number of others that might actually be of concern.

It is well and good to provide software and default settings that provide as much security as possible. It is unintelligent, however, to do it in such a way as to prevent circumvention in cases where the risk is known to be zero.

For the record, I have changed the following settings without success:

security.tls.insecure_fallback_hosts;192.168.1.2 security.tls.version.fallback-limit;0 security.tls.version.min;0

I need to connect using SSLv3 to MY router, on MY LAN, where there is NO meaningful risk of a MITM attack. Please provide instructions for doing so. I have read through several other questions and the non-responsive answers. The best of them recommends obtaining and installing an old Firefox version from an unknown source. This as a circumvention for an apparently unalterable correction to a security exposure that does not exist on my network. It is quite unacceptable to be told that to work around a correction to a known potential vulnerability that does not exist I must install a large single purpose program that exposes not only that vulnerability but probably a number of others that might actually be of concern. It is well and good to provide software and default settings that provide as much security as possible. It is unintelligent, however, to do it in such a way as to prevent circumvention in cases where the risk is known to be zero. For the record, I have changed the following settings without success: security.tls.insecure_fallback_hosts;192.168.1.2 security.tls.version.fallback-limit;0 security.tls.version.min;0

Дополнительные сведения о системе

Установленные плагины

Gnome shell integration iTunes application detector OpnH264 Video Codec (provided by Cisco, not enabled)

Приложение

  • User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36

Дополнительная информация

Application Basics
------------------
Name: Iceweasel
Version: 38.3.0
Build ID: 20150922225347
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0
Multiprocess Windows: 0/1 (default: false)
Extensions
----------
Name: Adblock Plus
Version: 2.6.6
Enabled: true
ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Graphics
--------
Adapter Description: nouveau -- Gallium 0.4 on NVE7
Device ID: Gallium 0.4 on NVE7
Driver Version: 3.0 Mesa 10.3.2
GPU Accelerated Windows: 0/1 Basic
Vendor ID: nouveau
WebGL Renderer: nouveau -- Gallium 0.4 on NVE7
windowLayerManagerRemote: false
AzureCanvasBackend: cairo
AzureContentBackend: cairo
AzureFallbackCanvasBackend: none
AzureSkiaAccelerated: 0
Important Modified Preferences
------------------------------
accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 235520
browser.cache.disk.smart_size_cached_value: 256000
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.cache.frecency_experiment: 2
browser.download.importedFromSqlite: true
browser.download.useDownloadDir: false
browser.places.importBookmarksHTML: false
browser.places.smartBookmarksVersion: 7
browser.sessionstore.upgradeBackup.latestBuildID: 20150922225347
browser.startup.homepage_override.buildID: 20141102014832
browser.startup.homepage_override.mstone: ignore
browser.tabs.warnOnClose: false
dom.mozApps.used: true
extensions.lastAppVersion: 38.3.0
gfx.blacklist.suggested-driver-version: Mesa 8.0
media.gmp-manager.buildID: 20150922225347
network.cookie.prefsMigrated: true
network.predictor.cleaned-up: true
places.database.lastMaintenance: 1445661445
places.history.expiration.transient_current_max_pages: 16217
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
print.print_bgcolor: false
print.print_bgimages: false
print.print_colorspace: default
print.print_downloadfonts: false
print.print_duplex: 0
print.print_evenpages: true
print.print_in_color: true
print.print_margin_bottom: 0.5
print.print_margin_left: 0.5
print.print_margin_right: 0.5
print.print_margin_top: 0.5
print.print_oddpages: true
print.print_orientation: 0
print.print_page_delay: 50
print.print_paper_data: 0
print.print_paper_height: 279.40
print.print_paper_name: na_letter
print.print_paper_size_type: 1
print.print_paper_size_unit: 1
print.print_paper_width: 215.90
print.print_plex_name: default
print.print_resolution: 1200
print.print_resolution_name: default
print.print_scaling: 1.00
print.print_shrink_to_fit: true
print.print_to_file: false
print.print_unwriteable_margin_bottom: 0
print.print_unwriteable_margin_left: 0
print.print_unwriteable_margin_right: 0
print.print_unwriteable_margin_top: 0
print.tmp.printerfeatures.CUPS/PDF.can_change_colorspace: false
print.tmp.printerfeatures.CUPS/PDF.can_change_downloadfonts: false
print.tmp.printerfeatures.CUPS/PDF.can_change_jobtitle: false
print.tmp.printerfeatures.CUPS/PDF.can_change_num_copies: true
print.tmp.printerfeatures.CUPS/PDF.can_change_orientation: true
print.tmp.printerfeatures.CUPS/PDF.can_change_paper_size: true
print.tmp.printerfeatures.CUPS/PDF.can_change_plex: false
print.tmp.printerfeatures.CUPS/PDF.can_change_printincolor: true
print.tmp.printerfeatures.CUPS/PDF.can_change_resolution: false
print.tmp.printerfeatures.CUPS/PDF.can_change_spoolercommand: false
print.tmp.printerfeatures.CUPS/PDF.colorspace.0.name: default
print.tmp.printerfeatures.CUPS/PDF.colorspace.count: 1
print.tmp.printerfeatures.CUPS/PDF.has_special_printerfeatures: true
print.tmp.printerfeatures.CUPS/PDF.orientation.0.name: portrait
print.tmp.printerfeatures.CUPS/PDF.orientation.1.name: landscape
print.tmp.printerfeatures.CUPS/PDF.orientation.count: 2
print.tmp.printerfeatures.CUPS/PDF.paper.0.height_mm: 210
print.tmp.printerfeatures.CUPS/PDF.paper.0.is_inch: false
print.tmp.printerfeatures.CUPS/PDF.paper.0.name: A5
print.tmp.printerfeatures.CUPS/PDF.paper.0.width_mm: 148
print.tmp.printerfeatures.CUPS/PDF.paper.1.height_mm: 297
print.tmp.printerfeatures.CUPS/PDF.paper.1.is_inch: false
print.tmp.printerfeatures.CUPS/PDF.paper.1.name: A4
print.tmp.printerfeatures.CUPS/PDF.paper.1.width_mm: 210
print.tmp.printerfeatures.CUPS/PDF.paper.2.height_mm: 420
print.tmp.printerfeatures.CUPS/PDF.paper.2.is_inch: false
print.tmp.printerfeatures.CUPS/PDF.paper.2.name: A3
print.tmp.printerfeatures.CUPS/PDF.paper.2.width_mm: 297
print.tmp.printerfeatures.CUPS/PDF.paper.3.height_mm: 279
print.tmp.printerfeatures.CUPS/PDF.paper.3.is_inch: true
print.tmp.printerfeatures.CUPS/PDF.paper.3.name: Letter
print.tmp.printerfeatures.CUPS/PDF.paper.3.width_mm: 215
print.tmp.printerfeatures.CUPS/PDF.paper.4.height_mm: 355
print.tmp.printerfeatures.CUPS/PDF.paper.4.is_inch: true
print.tmp.printerfeatures.CUPS/PDF.paper.4.name: Legal
print.tmp.printerfeatures.CUPS/PDF.paper.4.width_mm: 215
print.tmp.printerfeatures.CUPS/PDF.paper.5.height_mm: 431
print.tmp.printerfeatures.CUPS/PDF.paper.5.is_inch: true
print.tmp.printerfeatures.CUPS/PDF.paper.5.name: Tabloid
print.tmp.printerfeatures.CUPS/PDF.paper.5.width_mm: 279
print.tmp.printerfeatures.CUPS/PDF.paper.6.height_mm: 254
print.tmp.printerfeatures.CUPS/PDF.paper.6.is_inch: true
print.tmp.printerfeatures.CUPS/PDF.paper.6.name: Executive
print.tmp.printerfeatures.CUPS/PDF.paper.6.width_mm: 190
print.tmp.printerfeatures.CUPS/PDF.paper.count: 7
print.tmp.printerfeatures.CUPS/PDF.plex.0.name: default
print.tmp.printerfeatures.CUPS/PDF.plex.count: 1
print.tmp.printerfeatures.CUPS/PDF.resolution.0.name: default
print.tmp.printerfeatures.CUPS/PDF.resolution.count: 1
print.tmp.printerfeatures.CUPS/PDF.supports_colorspace_change: false
print.tmp.printerfeatures.CUPS/PDF.supports_downloadfonts_change: false
print.tmp.printerfeatures.CUPS/PDF.supports_jobtitle_change: false
print.tmp.printerfeatures.CUPS/PDF.supports_orientation_change: true
print.tmp.printerfeatures.CUPS/PDF.supports_paper_size_change: true
print.tmp.printerfeatures.CUPS/PDF.supports_plex_change: false
print.tmp.printerfeatures.CUPS/PDF.supports_printincolor_change: true
print.tmp.printerfeatures.CUPS/PDF.supports_resolution_change: false
print.tmp.printerfeatures.CUPS/PDF.supports_spoolercommand_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_colorspace: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_downloadfonts: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_jobtitle: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_num_copies: true
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_orientation: true
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_paper_size: true
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_plex: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_printincolor: true
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_resolution: false
print.tmp.printerfeatures.Officejet_Pro_L7700.can_change_spoolercommand: false
print.tmp.printerfeatures.Officejet_Pro_L7700.colorspace.0.name: default
print.tmp.printerfeatures.Officejet_Pro_L7700.colorspace.count: 1
print.tmp.printerfeatures.Officejet_Pro_L7700.has_special_printerfeatures: true
print.tmp.printerfeatures.Officejet_Pro_L7700.orientation.0.name: portrait
print.tmp.printerfeatures.Officejet_Pro_L7700.orientation.1.name: landscape
print.tmp.printerfeatures.Officejet_Pro_L7700.orientation.count: 2
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.0.height_mm: 210
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.0.is_inch: false
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.0.name: A5
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.0.width_mm: 148
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.1.height_mm: 297
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.1.is_inch: false
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.1.name: A4
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.1.width_mm: 210
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.2.height_mm: 420
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.2.is_inch: false
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.2.name: A3
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.2.width_mm: 297
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.3.height_mm: 279
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.3.is_inch: true
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.3.name: Letter
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.3.width_mm: 215
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.4.height_mm: 355
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.4.is_inch: true
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.4.name: Legal
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.4.width_mm: 215
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.5.height_mm: 431
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.5.is_inch: true
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.5.name: Tabloid
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.5.width_mm: 279
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.6.height_mm: 254
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.6.is_inch: true
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.6.name: Executive
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.6.width_mm: 190
print.tmp.printerfeatures.Officejet_Pro_L7700.paper.count: 7
print.tmp.printerfeatures.Officejet_Pro_L7700.plex.0.name: default
print.tmp.printerfeatures.Officejet_Pro_L7700.plex.count: 1
print.tmp.printerfeatures.Officejet_Pro_L7700.resolution.0.name: default
print.tmp.printerfeatures.Officejet_Pro_L7700.resolution.count: 1
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_colorspace_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_downloadfonts_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_jobtitle_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_orientation_change: true
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_paper_size_change: true
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_plex_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_printincolor_change: true
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_resolution_change: false
print.tmp.printerfeatures.Officejet_Pro_L7700.supports_spoolercommand_change: false
privacy.sanitize.migrateFx3Prefs: true
privacy.sanitize.timeSpan: 0
security.disable_button.openCertManager: false
security.disable_button.openDeviceManager: false
security.OCSP.disable_button.managecrl: false
security.OCSP.enabled: 0
security.tls.insecure_fallback_hosts: 192.168.1.2
security.tls.version.fallback-limit: 0
security.tls.version.min: 0
security.warn_viewing_mixed: true
storage.vacuum.last.index: 0
storage.vacuum.last.places.sqlite: 1445661445
Important Locked Preferences
----------------------------
browser.startup.homepage_override.mstone: ignore
JavaScript
----------
Incremental GC: true
Accessibility
-------------
Activated: false
Prevent Accessibility: 0
Library Versions
----------------
NSPR
Expected minimum version: 4.10.8
Version in use: 4.10.8
NSS
Expected minimum version: 3.19.2 Basic ECC
Version in use: 3.19.2 Basic ECC
NSSSMIME
Expected minimum version: 3.19.2 Basic ECC
Version in use: 3.19.2 Basic ECC
NSSSSL
Expected minimum version: 3.19.2 Basic ECC
Version in use: 3.19.2 Basic ECC
NSSUTIL
Expected minimum version: 3.19.2
Version in use: 3.19.2
Experimental Features
---------------------
Sandbox
-------
Seccomp-BPF (System Call Filtering): true
Media Plugin Sandboxing: true

cor-el
  • Top 10 Contributor
  • Moderator
17673 решений 159870 ответов
Размещено

It is possible that apart from SSL3 you also need support for cipher suites that are no longer supported. On Linux it shouldn't be a problem to install an older Firefox version that supports your modem and use that version with its own profile to access the device.

You can still find all Firefox versions on the Mozilla CDN server.

It is possible that apart from SSL3 you also need support for cipher suites that are no longer supported. On Linux it shouldn't be a problem to install an older Firefox version that supports your modem and use that version with its own profile to access the device. You can still find all Firefox versions on the Mozilla CDN server. *http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/ *http://kb.mozillazine.org/Installing_Firefox#Linux

Изменено cor-el

Размещено

Полезный ответ

Would the possibly unsupported cipher suites be ones unsupported by Mozilla or unsupported/unavailable on Debian 8.2 and perhaps other distributions? Further information about this might be useful.

Installing an older, presumably buggier, and generally less secure, Firefox version seems a poor alternative to enabling a specific security downgrade that in the specific circumstances presents no risk at all and in general does not present a major risk for most people. Again, the releases directory, while quite extensive, seems not to contain release notes that might indicate what support was dropped, and when. A link to

https://www.mozilla.org/en-US/firefox/releases/

Examining this suggests that the last release with SSLv3 support was 33.1; the examination also suggests a large number of reasons why running this release would be a really bad idea from a security standpoint. It is easier and safer to log on to the router, switch it back to http, and use the current Chromium or Firefox browser. Unfortunately, many or most users will not be able to do that and may be stuck with routers that are insecure and cannot be updated easily with later and more secure firmware - because they did the right thing and secured their router's administration interface.

The response suggests that this is a "WON'T FIX." If so, Mozilla.org should give serious thought to changing their position. Proper network security depends on many different things. It is not appropriate for a single vendor to make arbitrary decisions that may improve security from the narrow viewpoint of their products but have an unintended consequence of forcing users to degrade other aspects of security to compensate. While the target of this particular screed is Mozilla, they are not alone: it appears that Chromium and Internet Explorer suffer from the same type of change.

Would the possibly unsupported cipher suites be ones unsupported by Mozilla or unsupported/unavailable on Debian 8.2 and perhaps other distributions? Further information about this might be useful. Installing an older, presumably buggier, and generally less secure, Firefox version seems a poor alternative to enabling a specific security downgrade that in the specific circumstances presents no risk at all and in general does not present a major risk for most people. Again, the releases directory, while quite extensive, seems not to contain release notes that might indicate what support was dropped, and when. A link to https://www.mozilla.org/en-US/firefox/releases/ Examining this suggests that the last release with SSLv3 support was 33.1; the examination also suggests a large number of reasons why running this release would be a really bad idea from a security standpoint. It is easier and safer to log on to the router, switch it back to http, and use the current Chromium or Firefox browser. Unfortunately, many or most users will not be able to do that and may be stuck with routers that are insecure and cannot be updated easily with later and more secure firmware - because they did the right thing and secured their router's administration interface. The response suggests that this is a "WON'T FIX." If so, Mozilla.org should give serious thought to changing their position. Proper network security depends on many different things. It is not appropriate for a single vendor to make arbitrary decisions that may improve security from the narrow viewpoint of their products but have an unintended consequence of forcing users to degrade other aspects of security to compensate. While the target of this particular screed is Mozilla, they are not alone: it appears that Chromium and Internet Explorer suffer from the same type of change.
cor-el
  • Top 10 Contributor
  • Moderator
17673 решений 159870 ответов
Размещено

Полезный ответ

Is Google Chrome also not able to access that router?

From Firefox there are at least older version available and if you only use them to access your router and not for browsing internet then there shouldn't be a problem.

Do you know what the last Firefox version was that worked with the router?

Then you can check the connection details and what cipher suite is used. That is what I do if someone posts a problem with a website server and I can replicate the problem to see if there is a workaround. Sometimes you can force another cipher suite by disabling cipher suites that are further up in the list that Firefox uses to try to establish a connection.

Is Google Chrome also not able to access that router? From Firefox there are at least older version available and if you only use them to access your router and not for browsing internet then there shouldn't be a problem. Do you know what the last Firefox version was that worked with the router? Then you can check the connection details and what cipher suite is used. That is what I do if someone posts a problem with a website server and I can replicate the problem to see if there is a workaround. Sometimes you can force another cipher suite by disabling cipher suites that are further up in the list that Firefox uses to try to establish a connection.

Изменено cor-el

jscher2000
  • Top 10 Contributor
8837 решений 72222 ответов
Размещено

I think Firefox 38 was the last version with SSLv3 plumbing.

(Removed completely from Fx39 by bug #1106470)

I think Firefox 38 was the last version with SSLv3 plumbing. (Removed completely from Fx39 by bug #1106470)

Изменено jscher2000

Размещено

Задавший вопрос

I was using 38.3.0, so it appears the damage was done before that. Looking at release notes suggests it might have been disabled in R.37 ("Disabled insecure TLS version fallback for site security") or possibly killed by disallowing RC4 in R.36, which also might have affected certificate processing ("Phasing out Certificates with 1024-bit RSA Keys"). It may be that the code remained in R.38 but was disabled, and earlier removal of RC4 or short key support may be the problem.

I stand by my claim that it is inadvisable to remove legacy security components simply because they no longer offer the protection they once did. Using a vulnerable SSL is not worse than using insecure HTTP.

jscher2000 said

I think Firefox 38 was the last version with SSLv3 plumbing. (Removed completely from Fx39 by bug #1106470)
I was using 38.3.0, so it appears the damage was done before that. Looking at release notes suggests it might have been disabled in R.37 ("Disabled insecure TLS version fallback for site security") or possibly killed by disallowing RC4 in R.36, which also might have affected certificate processing ("Phasing out Certificates with 1024-bit RSA Keys"). It may be that the code remained in R.38 but was disabled, and earlier removal of RC4 or short key support may be the problem. I stand by my claim that it is inadvisable to remove legacy security components simply because they no longer offer the protection they once did. Using a vulnerable SSL is not worse than using insecure HTTP. ''jscher2000 [[#answer-798117|said]]'' <blockquote> I think Firefox 38 was the last version with SSLv3 plumbing. (Removed completely from Fx39 by bug #1106470) </blockquote>
jscher2000
  • Top 10 Contributor
8837 решений 72222 ответов
Размещено

But in Firefox 38.3.0esr you may still be able to re-enable SSLv3 in about:config --

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste TLS and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and reduce the value from 1 to 0 (that's a zero)

-- that no longer has any effect in Firefox 39 and later.

But in Firefox 38.3.0esr you may still be able to re-enable SSLv3 in about:config -- (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste '''TLS''' and pause while the list is filtered (3) Double-click the '''security.tls.version.min''' preference and reduce the value from 1 to 0 (that's a zero) -- that no longer has any effect in Firefox 39 and later.

Изменено jscher2000

cor-el
  • Top 10 Contributor
  • Moderator
17673 решений 159870 ответов
Размещено

For websites you can probably add such a website domain to a whitelist pref, but that may not work with a router that you access via the IP address.

Disabling this security altogether is not recommended, but you can consider to use a separate profile if you can make it work in Firefox 38 or lower.

  • security.tls.insecure_fallback_hosts
  • security.tls.version.fallback-limit

See also:

For websites you can probably add such a website domain to a whitelist pref, but that may not work with a router that you access via the IP address. Disabling this security altogether is not recommended, but you can consider to use a separate profile if you can make it work in Firefox 38 or lower. *security.tls.insecure_fallback_hosts *security.tls.version.fallback-limit See also: *https://developer.mozilla.org/Mozilla/Multiple_Firefox_Profiles
Размещено

Задавший вопрос

Yes, current versions of Chromium, as well as Internet Explorer, exhibit the same defect, with equal opaqueness to prevent diagnosing the problem in detail. Unfortunately I do not know the last version that worked; this router logs to a log server and rarely needs admin access. It probably has been over a year since I had occasion to do that.

An old version of Firefox might solve the problem, or might not, depending on details that the error panel does not report. For instance, if Firefox SSL depends on shared libraries supplied by the OS, and the OS has changed them to cause the error, a different Firefox (or Chrome) might be, at best, a partial answer. In any event it would be cruft, and a browser which would be used for only one purpose and unsafe to use for others. Disabling more preferred (and therefore more secure) ciphers arguably is an inferior option to either using a backlevel browser or my alternative of using non-SSL http.

=> Does Firefox have a log to report details of such events, or a debug mode that will enable data collection for faults like that of the current topic?


cor-el said

Is Google Chrome also not able to access that router? From Firefox there are at least older version available and if you only use them to access your router and not for browsing internet then there shouldn't be a problem. Do you know what the last Firefox version was that worked with the router? Then you can check the connection details and what cipher suite is used. That is what I do if someone posts a problem with a website server and I can replicate the problem to see if there is a workaround. Sometimes you can force another cipher suite by disabling cipher suites that are further up in the list that Firefox uses to try to establish a connection.
Yes, current versions of Chromium, as well as Internet Explorer, exhibit the same defect, with equal opaqueness to prevent diagnosing the problem in detail. Unfortunately I do not know the last version that worked; this router logs to a log server and rarely needs admin access. It probably has been over a year since I had occasion to do that. An old version of Firefox might solve the problem, or might not, depending on details that the error panel does not report. For instance, if Firefox SSL depends on shared libraries supplied by the OS, and the OS has changed them to cause the error, a different Firefox (or Chrome) might be, at best, a partial answer. In any event it would be cruft, and a browser which would be used for only one purpose and unsafe to use for others. Disabling more preferred (and therefore more secure) ciphers arguably is an inferior option to either using a backlevel browser or my alternative of using non-SSL http. => Does Firefox have a log to report details of such events, or a debug mode that will enable data collection for faults like that of the current topic? ''cor-el [[#answer-798110|said]]'' <blockquote> Is Google Chrome also not able to access that router? From Firefox there are at least older version available and if you only use them to access your router and not for browsing internet then there shouldn't be a problem. Do you know what the last Firefox version was that worked with the router? Then you can check the connection details and what cipher suite is used. That is what I do if someone posts a problem with a website server and I can replicate the problem to see if there is a workaround. Sometimes you can force another cipher suite by disabling cipher suites that are further up in the list that Firefox uses to try to establish a connection. </blockquote>
Размещено

Задавший вопрос

Before opening this thread I already had changed:

security:tls:version:min from 2 to 0 security:tls:version:fallback-limit from 3 to 0 security:tls_insecure_fallback_hosts from (null) to my router's name, which is resolved correctly by the local DNS server.

These changes did not have the desired effect. The initial post stated that, but somewhat imprecisely.

Before opening this thread I already had changed: security:tls:version:min from 2 to 0 security:tls:version:fallback-limit from 3 to 0 security:tls_insecure_fallback_hosts from (null) to my router's name, which is resolved correctly by the local DNS server. These changes did not have the desired effect. The initial post stated that, but somewhat imprecisely.
jscher2000
  • Top 10 Contributor
8837 решений 72222 ответов
Размещено

Sorry, I missed that in your original question. Could you double-check on this test page: https://zmap.io/sslv3/sslv3test.html

Sorry, I missed that in your original question. Could you double-check on this test page: https://zmap.io/sslv3/sslv3test.html
cor-el
  • Top 10 Contributor
  • Moderator
17673 решений 159870 ответов
Размещено
See also: *https://www.ssllabs.com/ssltest/viewMyClient.html
Размещено

Задавший вопрос

Same response, I think:

The connection to <FQDN> was interrupted while the page was loading.

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

jscher2000 said

Sorry, I missed that in your original question. Could you double-check on this test page: https://zmap.io/sslv3/sslv3test.html
Same response, I think: The connection to <FQDN> was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. ''jscher2000 [[#answer-798182|said]]'' <blockquote> Sorry, I missed that in your original question. Could you double-check on this test page: https://zmap.io/sslv3/sslv3test.html </blockquote>