On 2011-01-27 09:00 PDT, volkerk wrote:
> I am having the same problem with Firefox 3.0.15, which is suddenly
> unable to contact our Peoplesoft server and gets the no cypher error.
> After capturing the packet exchange with Wireshark, I found out the
> same as Suresh here - Firefox 3.0.15 (Windows) uses SSLv2 message
> format in the Client Hello (containing a version line of SSLv3 inside),
> although SSLv2 is disabled in about:config -- and it does decidedly NOT
> attempt TLS negotiation first, although TLS1.0 is enabled.
> 
> Manipulating the enabled SSLv3 ciphers makes no difference in this
> behavior, which isn't surprising. There simply is no initial TLS
> packet.

Firefox doesn't send TLS client hellos to servers that fail to complete
ANY handshake with ANY version of SSL or TLS some number of times in a row
when it has tried sending TLS client hellos.  Once it decides the server
is incompatible with TLS client hellos, it stops trying to do that
and falls back on some OLD OLD behavior where it sends SSL 3.0 client
hellos encapsulated in SSL 2 records.  They're actually SSL3 hellos,
but the point is that the server has failed too many times.

If you restart the browser, the counter will start over and Firefox will
try TLS hellos until the server fails too many times in succession again.

-- 
/Nelson Bolyard
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
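
The two hello formats discussed in this thread can be told apart from the first bytes of a captured client flight: an SSL 2 record header carrying a hello that offers SSL 3.0, versus a hello in an SSL 3.0/TLS handshake record. The following is an added example, not code from this thread or from Firefox/NSS; the function names and both sample byte strings are constructed for illustration.

```python
# Added example: classify a captured ClientHello by record framing and offered version.
VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def _name(major, minor):
    return VERSIONS.get((major, minor), "unknown (%d.%d)" % (major, minor))

def classify_client_hello(data):
    """Return (record framing, version offered in the hello) for the first client bytes."""
    if len(data) < 5:
        raise ValueError("too short to classify")
    # SSL 2 framing: high bit of byte 0 marks a 2-byte header with a 15-bit length,
    # followed by message type 1 (CLIENT-HELLO) and the version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        if length < 9 or len(data) < 2 + length:
            raise ValueError("truncated SSLv2-format hello")
        return ("SSLv2 record", _name(data[3], data[4]))
    # SSL 3.0 / TLS framing: content type 0x16 (handshake), record version, 2-byte
    # length, then handshake type 1 (ClientHello), 3-byte length, client_version.
    if data[0] == 0x16 and data[1] == 3:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record is not a ClientHello")
        return ("SSLv3/TLS record", _name(data[9], data[10]))
    raise ValueError("not an SSL/TLS ClientHello")

# Constructed sample: SSL 2 record (length 0x1c) whose hello offers version 3.0,
# with one 3-byte cipher spec, no session id, and a 16-byte zero challenge.
V2_COMPAT_HELLO = bytes.fromhex("801c" "01" "0300" "0003" "0000" "0010" "00000a") + bytes(16)

# Constructed sample: TLS 1.0 ClientHello in a handshake record, zero random,
# empty session id, one cipher suite, null compression.
TLS_HELLO = (bytes.fromhex("160301002d" "01000029" "0301") + bytes(32)
             + bytes.fromhex("00" "0002" "000a" "01" "00"))

if __name__ == "__main__":
    for label, pkt in (("v2-compatible", V2_COMPAT_HELLO), ("TLS", TLS_HELLO)):
        print(label, classify_client_hello(pkt))
```
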
