ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

Can't connect to internal network device using SSL (ffx 39)

  • 5 პასუხი
  • 23 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 29 ნახვა
  • ბოლოს გამოეხმაურა LadelleIT

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key .

Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0

This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this.

The devices are D-Link DFL-800 (VPN Firewall).

This is happening on Win7 & Win8 machines also.

Is there anyway to access these?

I tried to upload an image but it times out.

Brian

Using FFX 39, trying to connect (https) to a couple on INTERNAL network dvices but get the error ssl_error_weak_server_cert_key . Currently, we had to make changes to access out Exchange server webmail internally security.tl.version.min = 0 security.tl.version.fallback-limit = 0 This devicedoes not have firmware updates and standard http does not work. I was accessing these devices in 38.0.5 but the update to 29 in the past 24hr has stopped this. The devices are D-Link DFL-800 (VPN Firewall). This is happening on Win7 & Win8 machines also. Is there anyway to access these? I tried to upload an image but it times out. Brian

ყველა პასუხი (5)

I'm not sure if you can still make Firefox use SSL3 (security.tls.version.min = 0) in the current release or that this has been removed.

It is possible that used cipher suites have been disabled. Firefox 39 includes a fix for the Logjam vulnerability and has disabled cipher suites that are involved with the Logjam attack.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Logjam: How Diffie-Hellman Fails in Practice:

I have tried toggling all the security.ssl3 options but no combination works.

There is this bug, so it looks that you are out of luck.


Note that it is better to add a host to a whitelist pref instead of disabling this feature.

  • security.tls.insecure_fallback_hosts
  • security.tls.unrestricted_rc4_fallback

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (TEXT) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).


I had already tried security.tls.insecure_fallback_hosts without success.

Brian

And it is also impacting our Dell Openmanage access https://server:1311 .