Is there an add-on that supports old security levels
I find it frustrating every time the browser knows more about what's best for me than I do. My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.
A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).
The easy answer, of course, is to call up HP and tell them to rewrite the console code - or tell the system owner to toss out his servers and buy new ones .... and of course, learn never EVER to buy a Tripp Lite product.
But what I'd really like is an option ... a software configuration in some browser ... I'd call it the "pull_the_stick_from_your_butt_and_let_me_do_what_I_want_to_do" mode
I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.
Does any such software or add-on exist?
All answers (6)
dbdata said
My server has a software console port that, for reasons passing understanding, required https protocol so every time I try to access the console I run into security/certificate errors because, presumably, the certificate built into the console software is out of date.
Firefox allows exceptions for expired certificates, if that is the problem. Click the Advanced button on the error page to get a more specific diagnosis.
A more recent issue is a Tripp Lite KVM console with remote access that has become useless because the SSL protocol that is used by the KVM is no longer supported by any browser. (Cipher mismatch).
If Firefox no longer supports a particular protocol (such as SSL version 3.0) or a particular cipher, an add-on can't add that back to Firefox because the secure connection setup runs before an add-on could step in. Instead, you can use a proxy or "man in the middle" which accepts a more secure connection from Firefox and then makes a less secure connection to your device. I have never researched that in detail, but have seen it mentioned on other forums.
I really don't need to worry that the Proliant server sitting 30 feet from me is trying to spoof me.
True dat. The spoofing is performed by an adversary who wants to capture your credentials. The point of a secure connection method and valid certificate is to have confidence about what server you are actually communicating with.
As far as I can tell - a valid SSL certificate tells you that my check cleared Thawte's bank. It doesn't seem to make me less nefarious.
But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.
As far as not supporting older versions of SSL - this is once again developers sitting in their offices, working on Windows 12 and Linux 8.0 boxes running 300 Ghz cpus each with 3000 Tb memory - deciding what is and is not "safe" for me to do.
I'll see about a proxy - but it would be SO easy if someone would pull the stick outta their cache and let the people do what the people want to do.
We're busy converting web sites from http to https because "they" have decided that videos of kittens should be encrypted before downloading and "they" will no longer support http {sigh}
dbdata said
But on to point - it's not that I don't understand the security - it's the patronizing 'we know what's best for you' attitude that is permeating the industry. "This HTTPS site does not present a certificate however data back and forth will still be encrypted. Proceed? Y/N " How hard is that? not page after page, warning after warning, just let me do what I want to do.
What error page are you getting and does it have an Advanced button that leads to the ability to make an exception? How many clicks are really required? Let's get specific here.
No -- this is a dead-in-the-water issue
Secure Connection Failed
An error occurred during a connection to 10.0.0.201. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
Learn more…
You can check the server.
You can check your browser.
dbdata said
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Okay, then it is not an issue of an out-of-date certificate, it is the configuration of the webserver in the device. If the device software cannot be updated, then you would need a proxy server to connect using Firefox.
Can you use Internet Explorer 11 to manage the device?
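Added example, not part of the original thread: before setting up a proxy it helps to know which protocol version and cipher suite the device actually accepts, since SSL_ERROR_NO_CYPHER_OVERLAP only says that none of Firefox's offers matched. The sketch below sends a hand-built ClientHello offering a few legacy suites and parses the first record of the reply, so it does not depend on the local TLS library still supporting those suites; the function names and the suite selection are assumptions made for this example.

```python
import socket
import struct
from os import urandom

# Legacy suites (IANA ids) that an old embedded web server is likely to speak.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def client_hello(version, suites):
    """Build a minimal ClientHello record (no extensions) offering `suites`."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + urandom(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", len(ids)) + ids + b"\x01\x00")   # suites, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def recv_record(sock):
    """Read the first complete TLS record (5-byte header plus payload)."""
    data = b""
    while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def parse_reply(data):
    """Return (version, suite) from a ServerHello, or ('alert', description)."""
    if len(data) >= 7 and data[0] == 0x15:        # alert record: level, description
        return ("alert", data[6])
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return ("unknown", None)                   # not a ServerHello
    end = 46 + data[43]                            # skip the variable-length session id
    if len(data) < end:
        return ("unknown", None)
    version, suite = struct.unpack("!H", data[9:11])[0], struct.unpack("!H", data[end - 2:end])[0]
    return (VERSIONS.get(version, hex(version)), SUITES.get(suite, hex(suite)))

def probe(host, port=443, version=0x0301, timeout=5):
    """Offer every suite in SUITES at `version` and report what the device picks."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(version, list(SUITES)))
        return parse_reply(recv_record(sock))
```

For the device in the thread the call would be `probe("10.0.0.201")`, repeated with `version=0x0300` to test SSL 3.0. A result of `('alert', 40)` is a handshake_failure and `('alert', 70)` a protocol_version rejection; a returned version and suite name is the combination the proxy's device-facing side has to allow.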