Whitelist particular sites to use SSLv3
Is there a way to allow specific sites to use SSLv3 (ie White-list SSLv3)?
Older network gear or other management interfaces are unlikely to be updated, but I don't want to do an all or nothing fix for a handful of sites.
Chosen solution
as this is a primarily community-run support forum it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature in the browser file a bug at bugzilla.mozilla.org.
i agree with ideato that a portable version of firefox that is configured and used just for this purpose is probably the best way to go about it at the moment...
Read this answer in context 👍 3All Replies (7)
Hello, unfortunately i don't think you can do that
another option is to download the firefox Portable Edition and to set the next preferences to 0 (zero) in about:config
Lowest acceptable protocol: security.tls.version.min (default = 1) Highest allowed protocol: security.tls.version.max (default = 3)
and use that firefox for the sites you want (the sites with ssl3)
thank you
We really need a way to have corner case fixes to widely sweeping problems like this one. Many of these issues require so much work to actually fix, and some fixes will never be done (older networking gear) that exposing the entire browser to be able to connect to 1 site is not the best solution.
Maybe a toggle rather than about:config tweaks?
SSLv3 is SO insecure that it is VERY dangerous to have anything on the web running it. If your equipment doesn't have a firmware update, the you need to buy new equipment. I know it sucks, but it is a nearly 20 year old protocol, and it's not safe to use. This has been an established fact for sometime and isn't news to anyone.
You can use this extension to enable SSL3 temporarily for a website that needs SSL3.
- SSL Version Control: https://addons.mozilla.org/firefox/addon/ssl-version-control/
Tyler Downer said
SSLv3 is SO insecure that it is VERY dangerous to have anything on the web running it. If your equipment doesn't have a firmware update, the you need to buy new equipment. I know it sucks, but it is a nearly 20 year old protocol, and it's not safe to use. This has been an established fact for sometime and isn't news to anyone.
Ok. But when you have 100K USD sunk in a piece of equipment that does it's job and is behind perimeter security on an isolated network, "just buy a new one" doesn't really fly, but yet I still have to manage it. I understand that in an ideal world the vendor would be responsible and fix it, but this isn't one, and discussing how it ideally could be would not net any useful outcome.
cor-el said
You can use this extension to enable SSL3 temporarily for a website that needs SSL3.
- SSL Version Control: https://addons.mozilla.org/firefox/addon/ssl-version-control/
Better than manipulating about:config, but still an all or nothing solution. Better would be a per site solution.
Seçilmiş Həll
as this is a primarily community-run support forum it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature in the browser file a bug at bugzilla.mozilla.org.
i agree with ideato that a portable version of firefox that is configured and used just for this purpose is probably the best way to go about it at the moment...