[182497] in North American Network Operators' Group
Re: SEC webpages inaccessible due to Firefox blocking servers with
daemon@ATHENA.MIT.EDU (Alexander Bochmann)
Sun Jul 19 07:02:25 2015
X-Original-To: nanog@nanog.org
Date: Sun, 19 Jul 2015 12:59:38 +0200
From: Alexander Bochmann <ab@lists.gxis.de>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <fd3400455fd8403f880ae4c84e00f35a@pur-vm-exch13n1.ox.com>
Errors-To: nanog-bounces@nanog.org
...on Fri, Jul 17, 2015 at 01:42:37PM +0000, Matthew Huff wrote:
> After making the about:config changes, no warning is given to the user about the bad ciphers. Even if you click the SSL lock icon, no warning is given. Only if you know that the connection being made with "TLS_RSA_WITH_AES_128_CBC_SHA,128 bit keys, TLS 1.0" is a bad thing would you have any clue.
I've found the Calomel SSL Validation Add-on to be quite useful in that
regard. It adds some controls to access FF encryptions settings, as well
as a quick overview on the quality of a TLS connection:
https://calomel.org/firefox_ssl_validation.html
https://addons.mozilla.org/en-us/firefox/addon/calomel-ssl-validation/
In general, an old version of Firefox Portable seems a must-have item in
the admin toolchest right now - there's just too much stuff still out
there that can't be accessed with either current Firefox or IE anymore.
Alex.
