SSL CIPHER ECDHE-RSA-AES256-SHA broken in firefox 31.0
After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version)
Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access.
So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?
Alle svar (2)
Hi pbd,
ECDHE-RSA-AES256-SHA yes is controlled by this configuration. There was also a new cert released https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/
This could be an issue with outdated software on the server.
- bug 1042520 - ssl_error_cipher_disallowed_for_version for Apache with SSLv3 enabled and TLSv1+ disabled