Cannot connect securely because the site uses an older insecure version of the SSL protocol: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(also enable ciphers)
(@Tanstaafl: the same applies to SeaMonkey, verified on 1.1.4)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{right-pic|Ssl2 disabled.png}}
{{right-pic|Ssl2 disabled.png}}


This article deals with the message "''Firefox cannot connect securely to (site name) because the site uses an older, insecure version of the SSL protocol''" when trying to go to certain sites. This message is shown because starting in Firefox 2, support for SSL 2, an older and insecure security protocol, was disabled by default.
This article deals with a message about a ''Mozilla application not being able to connect securely to (site name) because the site uses an older, insecure version of the SSL protocol'' when trying to browse to certain web sites or connect to certain servers. For information on other messages received when accessing secure sites, see [[Error loading secure sites]].


Mozilla recommends that sites do not use SSL 2. You should contact the webmaster of the site and tell them your problem. If you must access an SSL 2 site, you can re-enable SSL 2 in Firefox, though this isn't recommended.
The message is shown because support for version 2 of the SSL protocol (SSL2) is disabled by default in recent versions of Firefox, Mozilla Suite, and Thunderbird. Its insecure and rarely used since it was deprecated in 1996. Its been replaced by version 3 of the SSL protocol (SSL3) and [http://en.wikipedia.org/wiki/Transport_Layer_Security TLS].
 
If you have to use SSL2 for a specific web site or server you can enable it as follows:
 
'''Firefox, SeaMonkey/Mozilla Suite:'''
{{EditPrefBool|security.enable_ssl2|true}}
{{EditPrefBool|security.enable_ssl2|true}}


You may also need to enable specific ciphers. Still in about:config, enter <tt>ssl2</tt> into the filter box and enable the ciphers presented.[http://forums.mozillazine.org/viewtopic.php?t=478336]
You may also need to enable specific ciphers. Still in about:config, enter <tt>ssl2</tt> into the filter box and enable the ciphers presented.[http://forums.mozillazine.org/viewtopic.php?t=478336]
'''Thunderbird:'''
# Tools -> Options -> Advanced -> General -> Config Editor
# Type ssl2 in the edit field at the Filter: prompt
# Find the row with security.enable_ssl2
# Double click on it to set it to true.
You will also need to enable some of its ciphers (such as security.ssl2.des_64 and security.ssl2.rc4_128) by double clicking on them.


[[Category:Issues (Firefox)]]
[[Category:Issues (Firefox)]]

Latest revision as of 00:30, 1 September 2007

This article deals with a message about a Mozilla application not being able to connect securely to (site name) because the site uses an older, insecure version of the SSL protocol when trying to browse to certain web sites or connect to certain servers. For information on other messages received when accessing secure sites, see Error loading secure sites.

The message is shown because support for version 2 of the SSL protocol (SSL2) is disabled by default in recent versions of Firefox, Mozilla Suite, and Thunderbird. Its insecure and rarely used since it was deprecated in 1996. Its been replaced by version 3 of the SSL protocol (SSL3) and TLS.

If you have to use SSL2 for a specific web site or server you can enable it as follows:

Firefox, SeaMonkey/Mozilla Suite:

  1. Type about:config in the Location Bar.
  2. Press Enter.
  3. Find the preference name security.enable_ssl2.
  4. Double click on it to set it to true.

You may also need to enable specific ciphers. Still in about:config, enter ssl2 into the filter box and enable the ciphers presented.[1]

Thunderbird:

  1. Tools -> Options -> Advanced -> General -> Config Editor
  2. Type ssl2 in the edit field at the Filter: prompt
  3. Find the row with security.enable_ssl2
  4. Double click on it to set it to true.

You will also need to enable some of its ciphers (such as security.ssl2.des_64 and security.ssl2.rc4_128) by double clicking on them.