Over the past few weeks I have been plagued with having to modify Firefox to permit connectivity to sites using SSLv3. It appears that Mozilla is trying to limit access to vulnerable sites, but that creates some issues for those of us that haven’t updated large components of our infrastructure. Even more troublesome, I am now having to modify these settings for users since they need to run reports…
In case you haven’t seen the errors, copies follow:
The workaround, is simply enabling Firefox to connect to sites with SSLv3 vulnerabilities.
- Within Firefox, enter “about:config” in the address bar
- Read the warning, I do not accept any responsibility for what happens within. If you accept the responsibiltiy, select the optino “I’ll be careful, I promise!”
- Enter “ssl3” into the search field
- Ensure the preferences “security.ssl.dhe_rsa_aes_128_sha” & “security.ssl.dhe_rsa_aes_256_sha” are set to false.
Now, we just need to update some servers, phones, more servers, clients….