Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

My "SSL client is Bad" says https://www.howsmyssl.com/

  • 3 antwoorden
  • 3 hebben dit probleem
  • 1 weergave
  • Laatste antwoord van cor-el

more options

I heard a "Security" check site that said that My "SSL Client is BAD". Can I purchase anything safely on my computer even though I see the HTTPS"? I type https://howsmyssl.com and it says that I'm in trouble. Please try it and explain. Thank you! (jimmy Curk)

I heard a "Security" check site that said that My "SSL Client is BAD". Can I purchase anything safely on my computer even though I see the HTTPS"? I type https://howsmyssl.com and it says that I'm in trouble. Please try it and explain. Thank you! (jimmy Curk)

Gekozen oplossing

hello jimmy - the site you have referenced is testing for compatibility with TLS 1.2, which will ship with firefox 27 which is going to be released next week. so try it again then...

https://www.mozilla.org/en-US/firefox/27.0beta/releasenotes/

Dit antwoord in context lezen 👍 3

Alle antwoorden (3)

more options

Gekozen oplossing

hello jimmy - the site you have referenced is testing for compatibility with TLS 1.2, which will ship with firefox 27 which is going to be released next week. so try it again then...

https://www.mozilla.org/en-US/firefox/27.0beta/releasenotes/

more options

Yes, no, it depends...

The SSL standard has evolved over time and the newer versions are stronger. It would be ideal if you could always use TLS 1.2. However, Firefox might not be able to "fall back" to an older standard if you choose TLS 1.2, so that is not enabled by default.

If you don't mind doing a little tinkering, you can change Firefox's behavior to always try TLS 1.1 first instead of starting with the older TLS 1.0. If you start running into sites that fail to connect, you may need to revert to the default setting.

Ready to go?

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the Search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click security.tls.version.max and change it from 1 to 2 and click OK. (For future reference, 1=TLS 1.0, 2=TLS 1.1)

Any luck?

more options

To satisfy the site you would have to use TLS 1.2 (security.tls.version.max = 3) and toggle security.ssl3.rsa_fips_des_ede3_sha to false to disable this cipher.
I'm not sure if that is advisable in the current Firefox release in case the TLS 1.2 implementation is still buggy .
The Firefox 27 release candidate has security.tls.version.max set to 3 by default and security.ssl3.rsa_fips_des_ede3_sha = false and shows the "Your SSL client is Probably Okay." message.