Hello Experts,
We have a server that supports TLS1.0/1.1/1.2 and restricts SSL. FF 52 beta's
tls config is min=1 and max=4 by default. Upon trying to access our server with
FF 52, we are getting the below error -
Secure Connection Failed
The connection to xx.xx.xx.xx was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of
the received data could not be verified.
Please contact the website owners to inform them of this problem.
Packet captures show Client Hello to be carrying SSL record layer instead of
TLS record layer. This happens if the max value is set as 3 or 4. For other
values, Client Hello is properly sent.
With FF 51.0.1, everything worked just fine.
So, we would like to know-
Why is FF 52 sending SSL record layer when it is configured to send TLS record
layer?
As this is beta version, would you recommend using this version and the final
version will have a proper implementation?
I have also raised a case in the common Mozilla forum and was advised to touch
base here -
https://support.mozilla.org/t5/Firefox/How-does-FF-determine-what-SSL-protocol-to-use-in-Client-Hello/m-p/1365371/highlight/false#M1034432
Kindly advise!
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
