搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

SSL CIPHER ECDHE-RSA-AES256-SHA broken in firefox 31.0

  • 2 个回答
  • 54 人有此问题
  • 1 次查看
  • 最后回复者为 cor-el

more options

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version)

Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access.

So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

After upgrading to firefox 31.0 on ubuntu 12.04 access to an internal website broke. with the message : SSL peer selected a cipher suite disallowed for the selected protocol version. (Error code: ssl_error_cipher_disallowed_for_version) Note that firefox 30.0 on ubuntu 12.04 still works (tested on another machine) against the website . running cipherscan against the server revealed : prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA SSLv3 ECDH,P-256,256bits 2 DHE-RSA-AES256-SHA SSLv3 DH,1024bits ... Disabling security.ssl3.ecdhe_rsa_aes_256_sha (setint it to false) in about:config renabled access. So it appear to me ECDHE-RSA-AES256-SHA is broken in 31.0 on ubuntu . Anyone else have the same problem?

所有回复 (2)

more options

Hi pbd,

ECDHE-RSA-AES256-SHA yes is controlled by this configuration. There was also a new cert released https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/

more options

This could be an issue with outdated software on the server.

  • bug 1042520 - ssl_error_cipher_disallowed_for_version for Apache with SSLv3 enabled and TLSv1+ disabled