Firefox cannot display a website that uses a certificate with a 1024-bit DH key


After I changed the website certificate to use a DH key with 1024-bit length, Firefox cannot display the website and gives an error like "Secure Connection failed ...". I tried disabling the weak DHE cipher, but it is still not working. I tested with Internet Explorer and determined the connection to be TLS 1.2 with DH 1024 bits, but I do need to browse this website from Firefox. Please help.

- Using Firefox 47.0

All Replies (9)


Looks like you posted using Chrome. Any issues in Chrome? Usually Chrome displays any SSL-related warnings when you click the padlock in the address bar and then click Connection on the drop-down panel.

Could you use this diagnostic page to check your site: https://www.ssllabs.com/ssltest/

For example, it evaluates whether numerous different browsers would be able to connect. If their Firefox won't connect, then it's not just your Firefox.

If this is a general Firefox problem, can you give a link to the site?


It's an internal website. The desktop that I need to connect to the website from is using Firefox 47.0.1, but I posted this from my laptop.

I cannot use the diagnostic tool because it's an internal website.


What does Chrome show?


On that machine Chrome is not installed, but in IE, when I view the connection properties, it shows "TLS 1.2 AES with 128 bit encryption (High); DH with 1024 bit exchange".


Sorry, I don't know how to translate that into the way Firefox describes its ciphers. Maybe you can find a tool that runs inside the firewall to interrogate the server and list out the ciphers it supports to see whether there is a match with Firefox.


Do you have any recommended tool to do that?


When I search around, there seem to be a lot of little scanners out there, but I don't know which ones are trustworthy.

For example:


After using 'NMAP', below is the list of ciphers that the website supports:

```
C:\nmap\nmap-7.12>nmap --script ssl-enum-ciphers -p 443 10.136.82.105

Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-14 13:57 SE Asia Standard Time
Nmap scan report for CcpCsPG2301 (10.136.82.105)
Host is up (0.0019s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: D

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds

C:\nmap\nmap-7.12>
```


Chosen solution

My Firefox supports these ciphers, according to https://www.ssllabs.com/ssltest/viewMyClient.html:

```
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
```

So it seems your server doesn't support any ciphers used by Firefox 47.
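The comparison made in the answer above, as an added Python example that is not part of the original thread: it pulls the suite names out of the nmap output and the SSL Labs client list posted in the thread and intersects them. The function names are illustrative; the two input strings are copied from the posts.

```python
import re

# Cipher lines copied from the nmap ssl-enum-ciphers output posted in the thread.
NMAP_OUTPUT = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_DSS_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
"""

# Firefox 47 client list copied from the answer (SSL Labs viewMyClient format).
CLIENT_LIST = """\
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
"""

SUITE = re.compile(r"\b(TLS_[A-Z0-9_]+_WITH_[A-Z0-9_]+)\b")

def suites(text):
    """Return cipher suite names in order of appearance, without duplicates."""
    return list(dict.fromkeys(SUITE.findall(text)))

def kx_auth(suite):
    """Key exchange / authentication part of a suite name, e.g. 'DHE_DSS'."""
    return suite[len("TLS_"):suite.index("_WITH_")]

def compare(server_text, client_text):
    """Intersect server and client suites and summarise each side's key exchange."""
    server, client = suites(server_text), suites(client_text)
    return {
        "common": [s for s in server if s in client],
        "server_kx": sorted({kx_auth(s) for s in server}),
        "client_kx": sorted({kx_auth(s) for s in client}),
    }

if __name__ == "__main__":
    r = compare(NMAP_OUTPUT, CLIENT_LIST)
    print("shared suites:", r["common"] or "none")
    print("server key exchange/auth:", r["server_kx"])
    print("client key exchange/auth:", r["client_kx"])
```

On the thread's data the intersection is empty: every suite the server offers is DHE_DSS, while the client list contains only ECDHE and plain RSA suites.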