Avatar for Username

Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

Тази тема беше архивирана. Моля, задайте нов въпрос ако имате нужда от помощ.

SSL CIPHER ECDHE-RSA-AES256-SHA broken in firefox 31.0

  • 2 отговора
  • 54 имат този проблем
  • 1 изглед
  • Последен отговор от cor-el

pbd_391
pbd_391
more options

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version)

Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access.

So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version) Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access. So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

Всички отговори (2)

guigs
guigs
more options

Hi pbd,

ECDHE-RSA-AES256-SHA yes is controlled by this configuration. There was also a new cert released https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

This could be an issue with outdated software on the server.

  • bug 1042520 - ssl_error_cipher_disallowed_for_version for Apache with SSLv3 enabled and TLSv1+ disabled