How do I resolve "Error code: ssl_error_renegotiation_not_allowed"
I am trying to access an internal website that I can access using two other other popular non-FF browsers without issue. How do I resolve "Error code: ssl_error_renegotiation_not_allowed"?
所有回复 (3)
I think that indicates that the server does not support the renegotiation extension.
Firefox 38 removed a temporary preference that could override the built-in behavior of requiring "safe" negotiation. Do you have this preference in your about:config set to true? If so, it is now being ignored as a result of this change:
security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref
Someone encountered this problem and filed a bug for a different server: 1166348 – cannot login to https://sede.educacion.gob.es, a site requiring unsafe renegotiation, with a SSL certificate in Firefox 38. I think the response will be to try to get the site to update its server.
For an internal site, you may want to raise this issue with your IT and refer them to:
- https://wiki.mozilla.org/Security:Renegotiation
- 1123020 – Remove options to allow unrestricted renegotiation
If the issue is not on the server itself, possibly it is a proxy.
The website may try to fallback to a lower TLS version in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.
You can open the about:config page via the location/address bar and use its search bar to locate this pref:
- security.tls.insecure_fallback_hosts
You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).
If this helps then you can contact this website and ask them to look into this and update their security.
I tried adding the IP addresses of the hosts I need to access (192.168.blah.blah) to security.tls.insecure_fallback_hosts but no joy. I there anything else I need to do?.