[CentOS] Wich web browser on CentOS6 ?

Patrick Bégou Patrick.Begou at legi.grenoble-inp.fr
Sat Feb 11 17:05:03 UTC 2017


Alice Wonder a écrit :
> On 02/10/2017 12:34 PM, James B. Byrne wrote:
>>
>> On Fri, February 10, 2017 06:26, Patrick Begou wrote:
>>> Hello
>>>
>>> I have more and more troubles using firefox in professional
>>> environment with
>>> CentOS6. The latest version is 45.7.0 But I can't use it anymore to
>>> access some
>>> old server hardware (IDRAC7 of DELL C6100) because of
>>> "/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old Firefox32
>>> version
>>> to administrate these servers.
>>>
>>> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
>>> connect to them anymore saying: /An error occurred during a
>>> connection to xxx.xxx.xxx.xxx. The server rejected
>>> the handshake because the client downgraded to a lower TLS version
>>> than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
>>>
>>> /Is there a CentOS6 recommended web browser allowing continuous
>>> connections to olds and new base level (and local) system
>>> administration services ?
>>>
>>
>> This situation arises because older, dare I say old, equipment
>> released with embedded software and using http/https as the
>> administrative front end were shipped with minimally compliant x-509
>> certificates.  Often self-signed with 1kb keys and md5 signature
>> hashes. Not to mention many are past their expiry dates.
>>
>> However, given the revelations of state sanctioned snooping on network
>> traffic browsers are being pushed to implement increased compliance
>> checking for the overall security of users. Firefox is simply
>> implementing what various 'authorities' are recommending as secure
>> practices with respect to authentication using pki and x-509
>> certificates.
>>
>> The present situation is a PIA.  It could be a lot more user-friendly
>> if FF so chose. They could have easily allowed one to turn off these
>> advanced compliance checks for specific IP and DNS addresses so that
>> the intended benefit remained but the interference with existing
>> infrastructure was minimised.
>>
>> But, FF is on its own chosen path to oblivion and the idea of
>> compromise is totally absent from their project plan.
>>
>>
>
> IMHO FireFox is doing the right thing. Compromises in policy is how 
> system compromises often happen.
>
> If you can change the setting to be more forgiving of certain bad 
> vendors, then so can malware.
In this situation the working solution is the  worst one: disabling 
https and re-enabling http on these devices.
>
> What we really need to do is demand better from the manufacturers of 
> products we use in a "professional environment" - and it is extremely 
> important we demand better from them now, during the dawn of IoT.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>




More information about the CentOS mailing list