Join the Mozilla’s Test Days event from 9–15 Jan to test the new Firefox address bar on Firefox Beta 135 and get a chance to win Mozilla swag vouchers! 🎁

Avatar for Username

Prohledat stránky podpory

Vyhněte se podvodům. Za účelem poskytnutí podpory vás nikdy nežádáme, abyste zavolali nebo poslali SMS na nějaké telefonní číslo nebo abyste sdělili své osobní údaje. Jakékoliv podezřelé chování nám prosím nahlaste pomocí odkazu „Nahlásit zneužití“.

Zjistit více

Toto vlákno bylo archivováno. Pokud potřebujete pomoci, založte prosím nový dotaz.

SSL CIPHER ECDHE-RSA-AES256-SHA broken in firefox 31.0

  • 2 odpovědi
  • 54 má tento problém
  • 9 zobrazení
  • Poslední odpověď od cor-el

pbd_391
pbd_391
more options

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version)

Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access.

So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version) Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access. So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

Všechny odpovědi (2)

guigs
guigs
more options

Hi pbd,

ECDHE-RSA-AES256-SHA yes is controlled by this configuration. There was also a new cert released https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

This could be an issue with outdated software on the server.

  • bug 1042520 - ssl_error_cipher_disallowed_for_version for Apache with SSLv3 enabled and TLSv1+ disabled