We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Avatar for Username

Etsi tuesta

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Lue lisää

Ketju on arkistoitu. Esitä kysymys, jos tarvitset apua.

SSL CIPHER ECDHE-RSA-AES256-SHA broken in firefox 31.0

  • 2 vastausta
  • 54 henkilöllä on sama ongelma
  • 1 näyttö
  • Viimeisin kirjoittaja cor-el

pbd_391
pbd_391
more options

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version)

Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access.

So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version) Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access. So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

Kaikki vastaukset (2)

guigs
guigs
more options

Hi pbd,

ECDHE-RSA-AES256-SHA yes is controlled by this configuration. There was also a new cert released https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

This could be an issue with outdated software on the server.

  • bug 1042520 - ssl_error_cipher_disallowed_for_version for Apache with SSLv3 enabled and TLSv1+ disabled