Tru Huynh wrote:
On Fri, Feb 10, 2017 at 12:26:14PM +0100, Patrick Begou wrote:
Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Can you try: (in Firefox's about:config): possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha
These are yet set to true.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
possible workaround for SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT security.tls.version.max 3 -> 1
You might want to revert for safer browsing, after.
With this setting I get SSL_ERROR_NO_CYPHER_OVERLAP and I cannot connect to the switch. Of course I can re-activate the old firmware version of the switch, but it has a bug I would like to solve too.....
I know that to remains compatible with old config could have security problems but all of these devices use dedicated ports (IDRAC, Out of band port management) on a private network which could be easily isolated. The idea is to have a browser dedicated to this administration (instead of several versions/profiles)
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
maybe different profiles with differents security setup?
Cheers
Tru
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks all for your suggestion to find a solution or detailing your local work around....
Patrick