I have a old box I am trying to log into and since the last update I can no longer reach it, get the error "Error code: ssl_error_cipher_disallowed_for_version."
Here are the ciphers on the box
TLSv1.0:
server selection: enforce server preferences
3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA256
3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA
3-- (key: RSA) RSA_WITH_CAMELLIA_256_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA
3-- (key: RSA) RSA_WITH_SEED_CBC_SHA
3-- (key: RSA) RSA_WITH_CAMELLIA_128_CBC_SHA
3-- (key: RSA) RSA_WITH_IDEA_CBC_SHA
3-- (key: RSA) RSA_WITH_3DES_EDE_CBC_SHA
I can't find any CBC ciphers available in palemoon. Were these removed last version, I don't see it in the change log?
CBC Ciphers
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Re: CBC Ciphers
You can see which Pale Moon ciphers are installed in your browser here > https://www.ssllabs.com/ssltest/viewMyClient.html
Re: CBC Ciphers
Here is what I get from that site
There is some overlap, so why can't I access the site without error?
Code: Select all
LS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
Re: CBC Ciphers
Does your box support TLS 1.0, or only SSLv3? Does it support secure renegotiation of protocol?
What server software are you running on it?
What server software are you running on it?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: CBC Ciphers
It is a Cisco box, so I am not sure what it runs. It does support TLS 1.0 at least and based off the docs it also supports 1.2
Re: CBC Ciphers
hmm.. do you know what ciphers it offers for TLS 1.2? The browser will always try the highest available protocol version first, and TLS 1.2 doesn't accept all ciphers (with the NSS update in the latest version that has become more strict now, according to spec). If an unacceptable cipher is offered for TLS 1.2, then the browser will give you this error.
You can try to work around it by allowing insecure fallback to TLS 1.0 (set security.tls.version.fallback-limit to 1).
You can try to work around it by allowing insecure fallback to TLS 1.0 (set security.tls.version.fallback-limit to 1).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite