MozillaZine

Talk:SSL is disabled

From MozillaZine Knowledge Base

I haven't tested any of these solutions, they're just stuff I pulled out of forum posts. I also don't know the menu path for the Options dialog for non-Windows non-Firefox users.--Np 20:21, 3 Aug 2005 (PDT)


Menu differences in Windows, Linux, and Mac http://kb.mozillazine.org/Menu_differences_in_Windows%2C_Linux%2C_and_Mac -- JamesMZ


I have added another method for solving this problem, and I solved my problem based on some of the info on the web and my limited knowledge of the problem.--IM 14:58, 15 NOV 2005 (EST)


SSL2 disabled gets a few support requests. As far as I know, there's no other entry that describes how to do this. This article is not a great place for the information, but I put it here for now as an expedient. Better here than nowhere. --AnotherGuest. 7 Dec 06

Split based on error message

I'm thinking we should split this article into sections based on whether the problem gives the "SSL is disabled" or the "Could not initialize" message. Doing so would reduce the number of things a user would have to check. Is each of these fixes geared towards a specific message, or can some apply to both? I'm going to try to test or find some forum links to see which problem results in which error:

"SSL is disabled"

  • Disabled SSL (tested)

"Could not initialize"

  • Corrupted or bad file permissions in profile (I made cert.db read only, and it happened at startup, and browsing SSL sites worked fine)

"SSL 2 is disabled"

  • SSL2 site (tested) [1], Image:Ssl2_disabled.png

Can't reproduce/find

  • OCSP (many different error messages, all with the text "OCSP" somewhere?)[2][3][4]
  • Manual proxy
  • Blocked loopback
  • Clear cache
  • Not compiled with SSL
  • After upgrade to 2.0.0.2 (gives security component message on startup and something on access) [5]

--Np 17:46, 11 June 2007 (UTC)

Asked in the forum [6]--Np 17:32, 26 June 2007 (UTC)

OCSP

Should we be telling everyone to turn off OCSP? From what I've read of bug reports, having OCSP enabled will only cause errors when you go to certain sites that have set up OCSP wrong, or if the OCSP service isn't working. I think we should say something along the lines of: if they frequently get the error on a certain site, they can turn it off, but not suggest turning it off to solve other problems.--Np 18:11, 11 June 2007 (UTC)

Bug 110161 (ocspdefault) – enable OCSP by default fixed on trunk. They made it so that if the OCSP doesn't work, by default, the user isn't informed.--Np 06:27, 16 June 2007 (UTC)

Screen shots

Small nit: Shouldn't the screenshot use the default theme?--AnotherGuest. 13:35, 28 June 2007 (UTC)

I think it's slightly preferable to use the defaults when making screenshots, but I don't think it matters that much. Feel free to create new screenshots.--Np 14:51, 28 June 2007 (UTC)

Corrupt cert8.db sometimes also causes ssl_error_ssl_disabled error

It should be mentioned that the 'ssl_error_ssl_disabled' error is sometimes caused by a corrupt '<profiledir>\cert8.db' file. Deleting this file while Firefox is NOT running solved the problem for a number of people, including me right now. <--6 August 2009 Patient X

I added deleting or renaming "cert8.db" under "Other solutions", seeing that it is also given as a solution in the Could not initialize the browser security component article. Alice 00:13, 15 August 2009 (UTC)

Changes with Gecko 23.0

  • There have been backend changes replacing the SSL 3.0 and TLS 1.0 boolean preferences with integer min/max ranges to accommodate the new TLS 1.1 and future TLS 1.2 versions [7]. As a consequence, the options are removed in Firefox 23.0 [8] and extended in SeaMonkey 2.20 [9] preferences UI. I'll document the security.tls.version.* prefs once they've entered the aurora stage. --Rsx11m 13:29, 1 May 2013 (UTC)
  • Concerns were raised about TLS 1.1 not being fully supported yet [10]. As it appears, bug 565047 and bug 733642 are complete except for the TLS 1.1 → TLS 1.0 fallback, which is handled in bug 839310. Since TLS 1.1 isn't enabled by default yet, and won't be before bug 733647 is completed, this shouldn't have any impact on the user unless he or she enables TLS 1.1 explicitly. --Rsx11m 20:23, 11 May 2013 (UTC)

Changes with Gecko 34.0

  • The remaining work for TLS 1.x seems to have been completed. Due to a recent exploit, SSL 3.0 will be disabled by default per bug 1076983, starting with Gecko 34.0 builds. I've updated the respective section of the article, given that it's a current security issue. --Rsx11m 04:15, 3 November 2014 (UTC)