ค้นหาฝ่ายสนับสนุน

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

เรียนรู้เพิ่มเติม

Firefox cannot display website that use certificate with DH key 1024 bits

  • 9 การตอบกลับ
  • 1 คนมีปัญหานี้
  • 1 ครั้งที่ดู
  • ตอบกลับล่าสุดโดย jscher2000 - Support Volunteer

more options

After I change web site certificate to use DH key with 1024 bits length, Firefox can not display the web site and provided error like "Secure Connection failed ...". I had tried disable weak cipher dhe but still not working, I had test with Internet Explorer and determine the connection as TLS 1.2 with DH 1024 bits but I do need to browse this web site from Firefox please help.

- Using Firefox 47.0

After I change web site certificate to use DH key with 1024 bits length, Firefox can not display the web site and provided error like "Secure Connection failed ...". I had tried disable weak cipher dhe but still not working, I had test with Internet Explorer and determine the connection as TLS 1.2 with DH 1024 bits but I do need to browse this web site from Firefox please help. - Using Firefox 47.0

วิธีแก้ปัญหาที่เลือก

My Firefox supports these ciphers, according to https://www.ssllabs.com/ssltest/viewMyClient.html:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

So it seems your server doesn't support any ciphers used by Firefox 47.

อ่านคำตอบนี้ในบริบท 👍 0

การตอบกลับทั้งหมด (9)

more options

Looks like you posted using Chrome. Any issues in Chrome? Usually Chrome displays any SSL-related warnings when you click the padlock in the address bar and then click Connection on the drop-down panel.

Could you use this diagnostic page to check your site: https://www.ssllabs.com/ssltest/

For example, it evaluates whether numerous different browsers would be able to connect. If their Firefox won't connect, then it's not just your Firefox.

If this is a general Firefox problem, can you give a link to the site?

more options

It's an internal website, desktop that I need to connect to the website is using Firefox 47.0.1 but I just post this post using my laptop.

I can not use the diagnostic tool because it's an internal web site

more options

On that machine there is no Chrome install but on IE when I see the connection properties it is "TLS 1.2 AES with 128 bit encryption (High); DH with 1024 bit exchange".

more options

Sorry, I don't know to translate that into the way Firefox describes its ciphers. Maybe you can find a tool that runs inside the firewall to interrogate the server and list out the ciphers it supports to see whether there is a match with Firefox.

more options

Do you have any recommend tool to do that?

more options

When I search around, there seem to be a lot of little scanners out there, but I don't know which ones are trustworthy.

For example:

more options

After use 'NMAP' below is list of support cipher that website using:

C:\nmap\nmap-7.12>nmap --script ssl-enum-ciphers -p 443 10.136.82.105

Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-14 13:57 SE Asia Standard Tim e Nmap scan report for CcpCsPG2301 (10.136.82.105) Host is up (0.0019s latency). PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | compressors: | NULL | cipher preference: server | warnings: | Weak certificate signature: SHA1 |_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds

C:\nmap\nmap-7.12>

more options

วิธีแก้ปัญหาที่เลือก

My Firefox supports these ciphers, according to https://www.ssllabs.com/ssltest/viewMyClient.html:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

So it seems your server doesn't support any ciphers used by Firefox 47.