Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can't connect to internal network device using SSL (ffx 39)

  • 5 replies
  • 23 have this problem
  • 29 views
  • Last reply by LadelleIT

more options

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key .

Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0

This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this.

The devices are D-Link DFL-800 (VPN Firewall).

This is happening on Win7 & Win8 machines also.

Is there anyway to access these?

I tried to upload an image but it times out.

Brian

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key . Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0 This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this. The devices are D-Link DFL-800 (VPN Firewall). This is happening on Win7 & Win8 machines also. Is there anyway to access these? I tried to upload an image but it times out. Brian

All Replies (5)

more options

I'm not sure if you can still make Firefox use SSL3 (security.tls.version.min = 0) in the current release or that this has been removed.

It is possible that used cipher suites have been disabled. Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

more options

I have tried toggling all the security.ssl3 options but no combination works.

more options

There is this bug, so it looks that you are out of luck.


Note that it is better to add a host to a whitelist pref instead of disabling this feature.

  • security.tls.insecure_fallback_hosts
  • security.tls.unrestricted_rc4_fallback

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).


more options

I had already tried security.tls.insecure_fallback_hosts without success.

Brian

more options

And it is also impacting our Dell Openmanage access https://server:1311 .