Showing questions tagged: Show all questions
  • Archived

Reenable TLS protocol (1.0 and 1.1) on Firefox 71 after March 2020.

Hi all, with the deprecation for TLS protocol (1.0 and 1.1) on Firefox announced at March 2020, I would like to know if it's possible to reenable those after this date? Regards.

Asked by Julien 8 months ago

Last reply by cor-el 8 months ago

  • Archived

Can't enable TLS 1.3

I have downloaded both the Nightly and Firefox Dev Edition but none of them can enable TLS 1.3.

I have used "about:config" to config the tls max version to "4" (which should be TLS1.3 supported) but nothing happens. I tried https://nghttp2.org:13443/ (which is TLS1.3 supported if I connect to it by openssl directly).

Asked by yctung 3 years ago

Last reply by cor-el 3 years ago

Firefox using "TLSv1 Record Layer" possibly makes company portal inaccessible

Since we switched to a new company portal ("intranet"), I can no longer use Firefox to access it. Chrome and Internet Exploder both work fine (on the very same machine, same network, etc!).

The error message I get is:

An error occurred during a connection to <hostname>. PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Somehow this sounds like a certificate verification problem, but if that was really a problem, Firefox wouldn't continue starting the TLS handshake, right? But it does...

I used Wireshark to do network traces, and I can see that after the initial "client hello" the portal web server resets the connection. When I compared the snoop to one captured for Chrome, I noticed that the "client hello" Firefox sends uses a "TLSv1 Record Layer" in the "Client Hello," while Chrome uses a "TLSv1.2 Record Layer" in the "Client Hello."

I set "security.tls.version.min" to "2" already, but that didn't help.

I later also noticed that Chrome offers two TLS_RSA_WITH_AES_xxx_GCM_SHAxxx crypto suites, while Firefox doesn't.

My guess is that one of the above observations is likely the reason why Firefox can't connect.

Does that sound plausible to you? Why the difference in the TLS record layer? Why doesn't Firefox offer the above crypto suites? Are they considered insecure?

(Before you ask, unfortunately I can't give the host name to our portal, sorry.)

Many thanks for your help, this is really annoying me...

Kr,

Ralf

Asked by Ralf G. R. Bergs 4 months ago

Last reply by jscher2000 4 months ago

Mozilla Firefox does not work when disabling the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Dear Mozilla team,

We are a company that develops web systems. The customer’s security service asks us to close all old encryption keys on the server in order to avoid system vulnerabilities and use only new keys. We disabled most of the old keys and the system works fine on all browsers. As soon as we turn off the encryption key TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014), then all web systems stop working through the Mozilla Firefox browser. (At the same time, everything works correctly on other browsers). The Mozilla Firefox Documentation says that this browser supports new encryption keys and can work without old encryption keys. Link (https://wiki.mozilla.org/Security/Server_Side_TLS). Also on our server are included all the necessary encryption keys for Mozilla Firefox to work.

Do you have any ideas on how to solve this?

Asked by yulyan.karpiy 5 months ago

Last reply by dkeeler 5 months ago

Is there any future plan to block TLSv1.0 and TLSv.1.1 in Firefox ESR Browser like it is announced for the regular Firefox Browser?

https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/

Firefox 74.0 has stopped allowing TLSv1.0 and TLSv.1.1.

Is the latest version of Firefox ESR also blocking them? Or any chance of blocking them in the future?

Asked by bhavana.v1 4 months ago

Last reply by philipp 4 months ago

  • Solved

Cannot disable Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 or TLS_RSA_WITH_AES_256_GCM_SHA384

Hi there,

I'm trying to disable insecure ciphers in TLS 1.2 since 1.3 isn't widely supported yet.

I'm using this to determine what's secure: https://browserleaks.com/ssl

I can't find any option to disable these two ciphers:

0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384

Thanks :)

Asked by Reuben 3 weeks ago

Answered by Mike Kaply 3 weeks ago

  • Solved
  • Archived

TLS handshake for minutes, then fail. Computer restart always fixes

This started when I installed V68 on my Mac (I'm on 68.0.2 now, Mac is 10.12.6). About half the time when I start my computer in the morning, when I try to browse *any* site (http or https), I get the TLS handshake attempt that lasts for several minutes, then connection fails.

BUT, *unlike other posts with this problem*, if I restart my computer (restarting FF does not fix it), all is well. A detail (not sure if relevant): the pages my (Comcast) server has local copies of, that is, my home page and a couple of very frequently accessed pages, I can access, but any other site, regardless of http or https, results in the TLS handshake "freeze 'n fail."

  • Edit: I just lost then, 10 mins later, regained my Comcast (internet, mail, cable). I did not re-start computer or FF, but when signal returned, I got the dreaded TLS Handshake Freeze 'N Fail. Again, computer restart let me come here to report.

Asked by ChrisG 11 months ago

Answered by ChrisG 7 months ago

  • Archived

How to allow using TLSv1.2 on specific website

I am trying to enter this website - https://historiapojazdu.gov.pl/przykladowy-raport and keep getting an error about bad encryption used there. Is there a way to temporarily disable this feature or add the site to a whitelist?

Asked by kubahaha 4 years ago

Last reply by kubahaha 4 years ago

  • Archived

Firefox fails to negotiate TLS on site but other browsers can

Site is https://supportfiles.emc.com

Chrome and Chromium can load it. Firefox on Linux and Windows cannot.

"Secure Connection Failed The connection to the server was reset while the page was loading."

Chrome and Chromium can load it. Firefox on Linux and Windows cannot. I tested with Firefox that has no extensions loaded. I tried it from different networks (thinking that my IP was being blocked).

Wireshark shows that the remote server is resetting the connection.

SSL Labs test ( https://www.ssllabs.com/ssltest/analyze.html?d=supportfiles.emc.com ) shows that NONE of the Firefox browsers they test can open it:

Firefox 31.3.0 ESR / Win 7: Server closed connection
Firefox 47 / Win 7 R: Server closed connection
Firefox 49 / XP SP3: Server closed connection
Firefox 62 / Win 7 R: Server closed connection

Is Firefox doing TLS negotiation in such a unique way that a remote server can be configured so as to be incompatible only with Firefox?

Asked by emwsgc 1 year ago

Last reply by Corey 'linuxmodder' Sheldon 1 year ago

  • Archived

Some sites starting with https are displayed incorrectly

When opening some sites starting with https (apparently not all of them), the site's full structure and styling are not displayed. If you delete the S from httpS in the address bar, everything falls into place.... Example attached.

Asked by dogmd 5 years ago

Last reply by guigs 5 years ago

TLS handshake slow, times out after Mac Mojave update

This has now happened after the last two Mac updates. I get the TLS handshake forever until it times out. Occasionally something gets through (like the Mozilla help pages!) Unlike others who have posted this issue, the same problem holds in Chrome and Safari. I have tried various fixes, including a new identity on my Mac, with no success. Last time the issue seemed to spontaneously resolve after a couple of hours and never reappeared until Mac updated again. While all this is happening, my email works fine, my husband's macbook pro (just like mine) works fine, and my iPad works fine. I have left this message on the Mac help forum, too, hoping someone will have some idea of what is happening. OS Mojave 10.14.6

Asked by sunolen 5 months ago

Last reply by cor-el 5 months ago

How to stop Firefox from sending TLS 1.0 even after disabled in settings.

Currently running Firefox 73.0.1.

Connections to my server from Firefox all fail with 'connection_reset' from the server.

Wireshark capture shows that Firefox is attempting a 'Client Hello' using TLS 1.0.

Servers are configured with TLS 1.0 removed/disabled.

All the Firefox advanced settings in about:config are set with TLS 1.2 as the minimum, yet Firefox insists on sending TLS 1.0 'client hello'.

Not an expert, but it kind of looks like Firefox is sending a TLS 1.2 'Client Hello' encapsulated inside a TLS 1.0 'Client Hello'? Is this even possible?

Chrome, IE, and Edge behave appropriately and send 'Client Hello' as TLS 1.2.

How do we get Firefox to send the appropriate 'Client Hello'?

This affects multiple versions of Firefox, even the beta builds that I tested over the weekend and occurs on any machine tested so far. Windows 10, various flavors of Linux, etc.

See screenshots below for configuration settings and wireshark capture.

Thanks for the help!

Asked by Mike Leimer 5 months ago

Last reply by Mike Leimer 5 months ago