Hello swinster70,

Welcome to the Mozilla Support Forum.

You indicated in your question that Firefox hangs/crashes when viewing certain sites. It would be therefore useful if you could provide a crash report. Please follow the steps below to provide us crash IDs to help us learn more about your crash.

1. Enter about:crashes in the Firefox address bar and press Enter. A Submitted Crash Reports list will appear, similar to the one shown below.
2. Copy the 5 most recent Report IDs that start with bp- and paste them into your response here.

More information and further troubleshooting steps can be found in the Troubleshoot Firefox crashes (closing or quitting unexpectedly) article.

Mattlem

There have been issues reported caused by using some SSL cipher suites that aren't working properly with some servers.

A possibility to test this is to disable all SSL cipher suites on the about:config page (i.e. toggle security.ssl3.* prefs that are true to false) and enable one at the time to see if you can find the culprit and keep this suite disabled and reset the other cipher suites or possibly continue testing to see which ciphers work with this server.

Do a hard refresh of the tab with this not working page via "Ctrl+F5" or "Ctrl+Shift+R" after each change.

Hey mattlem. Unfortunately, there are no bp crash files to show as Firefox doesn't crash exactly, it more a case that the page simple hangs on loading - Firefox itself is still functional. It more as cor-el states that it more like the SSL suite have been broken in Firefox 27

cor-el, I have tried switching All suites off in Firefox 27, and then one on in turn, but of course as something is broken, it didn't help much. However, I went through the lot again on a machine running Firefox 26. The suite that worked with this particular site were:

• security.ssl3.rsa_aes_128_sha
• security.ssl3.rsa_aes_256_sha
• security.ssl3.rsa_des_ede3_sha
• security.ssl3.rsa_rc4_128_md5
• security.ssl3.rsa_rc4_128_sha
• security.ssl3.rsa_seed_sha

Maybe this narrow things down slightly, but none of these work in Firefox 27.

Cheers

Does it has effect if you disable or limit TLS support by setting the security.tls.version.max to a lower value?

• http://kb.mozillazine.org/security.tls.version.*

0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2 etc.

Ah ha, now we're getting somewhere. FF27 defaults this value to 3, FF26 looks like it default to 1. Setting the value to 1 resolves the issue (2 doesn't work either).

Would it be possible to use the higher TLS versions if available and workable on the site that can cope with it, but reduce to this lower level when they can't, or are we stuck forcing to TLS 1.0 all the time?

Many thanks for you input

core-el, the Link you provide does provide some interesting comment, namely in the cavets:

Caveats

• There is currently no fallback from TLS 1.1/1.2 to earlier protocols. Thus, selecting security.tls.version.max = 2 (or 3) for TLS 1.1 (or 1.2) support results in the connection failing when the server connected to doesn't support that version. Once the fallback is implemented, the default for security.tls.version.max will be changed to 3 to utilize the most recent TLS 1.2 version by default.

I'm not sure how up-to-date this actual is, but it is obviously still broken so maybe the value "3" shouldn't be applied by default in the the new Firefox upgrades.

Many thanks for your help

Chris

Bug 839310 - Add insecure fallback from TLS 1.1 -> TLS 1.0