SSL Certificate problems after update to Firefox 36
Since updating firefox to version 36, all 2048 bit SSL certificates for our client websites are no longer functioning and have the exclamation mark on the address bar. All previous versions of firefox are fine with the site. The site is chancerygroupplc.co.uk.
Any suggestions?
Todas as respostas (4)
Your issue seems a bit more complicated and requires more investigation. We're currently looking into it and we'll get back to you with more details ASAP. Please understand that escalations can take up to 72 hours for a response, but no longer.
SHA 256? More information on this type of encryption:
The proposed maintenance:
If we cannot investigate there is a mailing list https://www.mozilla.org/en-US/about/f.../#dev-security-policy
Modificado por guigs a
I can not even access chancerygroupplc.co.uk from developer edition.
Running a check on the site using
I see that it is using RC4 which is broken since 2013 See for instance
- https://blog.mozilla.org/security/2013/11/12/navigating-tls/
- https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what?
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
The site does work using Firefox Release, IE & Chrome. I discover the site appears to be used for secure collection of debts !!
P.S. I note it is now a standards RFC https://tools.ietf.org/html/rfc7465
February 2015 Prohibiting RC4 Cipher Suites
Abstract
This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. This applies to all TLS versions. This document updates RFCs 5246, 4346, and 2246.