Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
Thanks
Patrick
Hi,
I had the same problem. Stick to the old Firefox, but only to access old idrac, ipmi etc.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
----- Original Message -----
From: "Patrick Begou" Patrick.Begou@legi.grenoble-inp.fr To: "CentOS mailing list" centos@centos.org Sent: Friday, 10 February, 2017 11:26:14 Subject: [CentOS] Wich web browser on CentOS6 ?
Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
Thanks
Patrick
--
| Equipe M.O.S.T. | | | Patrick BEGOU | mailto:Patrick.Begou@grenoble-inp.fr | | LEGI | | | BP 53 X | Tel 04 76 82 51 35 | | 38041 GRENOBLE CEDEX | Fax 04 76 82 52 71 | ===================================================================
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Hm,
an Idee is to use a docker instance. I do that at my office, because need JAVA 1.6 in the browser.
Sincerely
Andy
Am Freitag, den 10.02.2017, 12:26 +0100 schrieb Patrick Begou:
Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
Thanks
Patrick
On Fri, Feb 10, 2017 at 12:26:14PM +0100, Patrick Begou wrote:
Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Can you try: (in Firefox's about:config): possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
possible workaround for SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT security.tls.version.max 3 -> 1
You might want to revert for safer browsing, after.
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
maybe different profiles with differents security setup?
Cheers
Tru
Tru Huynh wrote:
On Fri, Feb 10, 2017 at 12:26:14PM +0100, Patrick Begou wrote:
Hello
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Can you try: (in Firefox's about:config): possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha
These are yet set to true.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
possible workaround for SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT security.tls.version.max 3 -> 1
You might want to revert for safer browsing, after.
With this setting I get SSL_ERROR_NO_CYPHER_OVERLAP and I cannot connect to the switch. Of course I can re-activate the old firmware version of the switch, but it has a bug I would like to solve too.....
I know that to remains compatible with old config could have security problems but all of these devices use dedicated ports (IDRAC, Out of band port management) on a private network which could be easily isolated. The idea is to have a browser dedicated to this administration (instead of several versions/profiles)
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
maybe different profiles with differents security setup?
Cheers
Tru
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks all for your suggestion to find a solution or detailing your local work around....
Patrick
Am 10.02.2017 um 12:26 schrieb Patrick Begou Patrick.Begou@legi.grenoble-inp.fr:
I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers.
Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to them anymore saying: /An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
What says the current Firefox (version 45.7.0) while trying to connect to the upgraded IDRAC7's ?
-- LF
On 2/10/17 3:26 AM, Patrick Begou wrote:
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
FYI you can download any previous release of Firefox from the URL below, and it will run right out of its own directory without being 'installed' per se. So you could find one that is compatible and keep it separate from the one you use for regular browsing. You'd probably want to run it as a different user on your box, and/or a separate profile.
http://ftp.mozilla.org/pub/firefox/releases/
Or if you don't want to worry about which user and profile you're in, you could try an equivalent release of SeaMonkey.
http://ftp.mozilla.org/pub/seamonkey/releases/
Either way it would enable you to have a more secure, up-to-date browser for regular use while also having one that is compatible with the other systems you need to use.
Yes David, I'm using a release 32 of Firefox to reach my olds C6100 IDRAC7 interface. The problem is for latest Firefox versions as they require libgtk-3 not available in Centos6/RHEL6 distribution.
Today I use a very very bad solution to reach my switch with latest firmware version from the latest Firefox available in CentOS: I disable https and use http.... Even if it is on a private network, in a dedicated vlan behind a firewall... I don't like this.
Patrick
David Nelson a écrit :
On 2/10/17 3:26 AM, Patrick Begou wrote:
/Is there a CentOS6 recommended web browser allowing continuous connections to olds and new base level (and local) system administration services ?
FYI you can download any previous release of Firefox from the URL below, and it will run right out of its own directory without being 'installed' per se. So you could find one that is compatible and keep it separate from the one you use for regular browsing. You'd probably want to run it as a different user on your box, and/or a separate profile.
http://ftp.mozilla.org/pub/firefox/releases/
Or if you don't want to worry about which user and profile you're in, you could try an equivalent release of SeaMonkey.
http://ftp.mozilla.org/pub/seamonkey/releases/
Either way it would enable you to have a more secure, up-to-date browser for regular use while also having one that is compatible with the other systems you need to use. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Sat, Feb 11, 2017 at 11:37:09AM +0100, Patrick Bégou wrote
Yes David, I'm using a release 32 of Firefox to reach my olds C6100 IDRAC7 interface. The problem is for latest Firefox versions as they require libgtk-3 not available in Centos6/RHEL6 distribution.
Today I use a very very bad solution to reach my switch with latest firmware version from the latest Firefox available in CentOS: I disable https and use http.... Even if it is on a private network, in a dedicated vlan behind a firewall... I don't like this.
Hello;
Disclosure: I'm the person who does the Pale Moon (Firefox fork) SSE contributed build for linux. Note: this build is 32-bit only. See https://forum.palemoon.org/viewtopic.php?f=40&t=13530&start=20#p1058... I subscribe to this list because I use a CentOS 6.5 chroot to do the builds, and I have occasional questions. SSE-only machines (i.e. no SSE2 instructions) are old Pentium 3 and similar. The SSE build will work on newer machines, but may be a bit slower than the standard build, because it does not use the SSE2 instruction set.
Older machines often run distros like Puppy linux which use older glibc, gtk2, etc. Puppy linux does have security fixes backported. Because Pale Moon SSE version is built in CentOS 6.5, it should work in 32-bit CentOS.
You can also try the mainline version of Pale Moon if you want 64-bit. http://linux.palemoon.org/ It uses gtk2, but I don't know if it's compatible with other old libraries that CentOS 6 uses. My build goes out of its way to be compatible with older libraries.
You can also try the mainline version of Pale Moon if you want 64-bit. http://linux.palemoon.org/ It uses gtk2, but I don't know if it's compatible with other old libraries that CentOS 6 uses. My build goes out of its way to be compatible with older libraries.
I did once build pm on CentOS6 as poc, but after switched to the distributed binaries. 26.x is the end of line for CentOS6, and I haven't tried building 27.x. Maybe I'll try that, addressing the library situation with custom or static versions.
-
Andreas Benzler -
David Nelson -
isdtor -
Leon Fauster -
Nux! -
Patrick Begou -
Tru Huynh -
Walter Dnes