How to accept insecure connection in Firefox 39+?

1

1

When I try to open a webpage, I get an ssl_error_weak_server_ephemeral_dh_key error in Firefox.

According to my googling the keys are weak, there is a security hole, I'm not safe, etc. Great, Firefox protects me. My only problem is that this is an intranet connection, so I'm pretty sure that nobody will try to hack me, IT just didn't update that server in a long time.

If I remember right in previous versions (I don't exactly know which versions, but then the error message included a yellow sign with a police officer too. Now I'm on 39.0) Firefox had an option to accept such connections. Is there a hidden way to still accept insecure connections like this? Maybe something in about:config that I can temporarily change manually?

ytg

Posted 2015-07-15T07:03:19.817

Reputation: 902

The better fix is to ask IT to update it! +1 – Dave – 2015-07-15T07:50:30.107

Sure. Let's assume that I need to access that page a little faster than IT solves problems. :) – ytg – 2015-07-15T08:03:00.087

Does a different browser not work then to get the data faster? In IE, can you add it to a safe zone or does the issue still persist – Dave – 2015-07-15T08:17:51.680

I don't have IE, I'm on Linux. But I'll try Chrome to see if it helps. – ytg – 2015-07-15T08:20:02.160

Chrome still seems to have an option to manually approve going to unsecure sites. – ytg – 2015-07-15T08:26:18.383

Answers

3

I got an answer from another source, but I'll also post it here for future reference:

Apparently Firefox's about:config does have settings for disabling security protocols. In my case disabling security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha forces Firefox to use a stronger cypher and I can access the same page from Firefox too, without waiting for IT to fix it.

I don't know why, but it works.

ytg

Posted 2015-07-15T07:03:19.817

Reputation: 902

1

The best answer is to ask IT to fix it, but as you said in your comments, you're more desperate for a quicker fix.

Also as per the comments, try a different browser.

Since Chrome works for you, use that!

Dave

Posted 2015-07-15T07:03:19.817

Reputation: 24 199

ockquote>

"The best answer is to ask IT to fix it" - sorry to disillusion anyone about the reality of large corporations with huge intranets, but majority of small helper-servers of non-production value there will just never going to get updated. No chances. While depending project must be completed no matter what and no one is interested to hear about busy inefficient IT and smart caring FF. That's the life - take it or quit that job. :-) Glad to see the solution below about the workaround that just works sans any drama

– Van Jone – 2015-08-06T14:42:14.120

0

Being in the same situation as you, I use SkipCert Error.

But it doesn't fix sec_error_bad_der, bug#1148766.

bufh

Posted 2015-07-15T07:03:19.817

Reputation: 306

Asked: 2015-07-15T07:03:19.817

Viewed: 1 288 times

Active: 2015-07-15T12:20:57.820