SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

Alexander Bochmann ab at lists.gxis.de
Sun Jul 19 10:59:38 UTC 2015


...on Fri, Jul 17, 2015 at 01:42:37PM +0000, Matthew Huff wrote:

 > After making the about:config changes, no warning is given to the user about the bad ciphers. Even if you click the SSL lock icon, no warning is given. Only if you know that the connection being made with "TLS_RSA_WITH_AES_128_CBC_SHA,128 bit keys, TLS 1.0" is a bad thing would you have any clue.

I've found the Calomel SSL Validation Add-on to be quite useful in that 
regard. It adds some controls to access FF encryptions settings, as well 
as a quick overview on the quality of a TLS connection:

https://calomel.org/firefox_ssl_validation.html
https://addons.mozilla.org/en-us/firefox/addon/calomel-ssl-validation/

In general, an old version of Firefox Portable seems a must-have item in 
the admin toolchest right now - there's just too much stuff still out 
there that can't be accessed with either current Firefox or IE anymore.

Alex.




More information about the NANOG mailing list