SSL is disabled: Difference between revisions
From MozillaZine Knowledge Base
Jump to navigationJump to search
m (add cat websites) |
(warn against using SSL 2.0) |
||
| Line 1: | Line 1: | ||
SSL (Secure Socket Layers) is a protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. If Firefox, Mozilla Suite, or Thunderbird claims SSL is disabled, try the following things: | SSL (Secure Socket Layers) is a protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. If Firefox, Mozilla Suite, or Thunderbird claims SSL is disabled, try the following things: | ||
* Check your SSL settings in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Security" (Firefox) or "Edit -> Preferences -> Privacy & Security -> SSL" (Mozilla Suite). "Use SSL | * Check your SSL settings in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Security" (Firefox) or "Edit -> Preferences -> Privacy & Security -> SSL" (Mozilla Suite). "Use SSL 3.0" and "Use TLS 1.0" should bothl be checked. "Use SSL 2.0" should '''not''' be checked, it has known weaknesses and has been almost entirely replaced on the Web by the more secure protocols. Only turn on SSL 2.0 if required by your intranet administrator to reach a required but unmaintained older server. Even if you intend to connect only to trustworthy sites, having SSL 2.0 turned on makes your communication vulnerable to interception by rogue servers or proxies which can trick the browser into using low-quality, breakable encryption. | ||
* Select "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Security -> Verification -> Do not use OCSP for certificate validation" (Firefox) or "Edit -> Preferences -> Privacy & Security -> Validation -> Do not use OCSP for certificate validation" (Mozilla Suite). | * Select "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Security -> Verification -> Do not use OCSP for certificate validation" (Firefox) or "Edit -> Preferences -> Privacy & Security -> Validation -> Do not use OCSP for certificate validation" (Mozilla Suite). | ||
* If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> General -> Connection Settings" (Firefox) are set to the correct values. | * If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> General -> Connection Settings" (Firefox) are set to the correct values. | ||
Revision as of 21:34, 27 September 2006
SSL (Secure Socket Layers) is a protocol that secures communication over the Internet. Most banking sites and online stores require sensitive information be sent over SSL. If Firefox, Mozilla Suite, or Thunderbird claims SSL is disabled, try the following things:
- Check your SSL settings in "Tools -> Options -> Advanced -> Security" (Firefox) or "Edit -> Preferences -> Privacy & Security -> SSL" (Mozilla Suite). "Use SSL 3.0" and "Use TLS 1.0" should bothl be checked. "Use SSL 2.0" should not be checked, it has known weaknesses and has been almost entirely replaced on the Web by the more secure protocols. Only turn on SSL 2.0 if required by your intranet administrator to reach a required but unmaintained older server. Even if you intend to connect only to trustworthy sites, having SSL 2.0 turned on makes your communication vulnerable to interception by rogue servers or proxies which can trick the browser into using low-quality, breakable encryption.
- Select "Tools -> Options -> Advanced -> Security -> Verification -> Do not use OCSP for certificate validation" (Firefox) or "Edit -> Preferences -> Privacy & Security -> Validation -> Do not use OCSP for certificate validation" (Mozilla Suite).
- If you're using a manual proxy, make sure "Use this proxy for all protocols" and "SSL proxy" in "Tools -> Options -> General -> Connection Settings" (Firefox) are set to the correct values.
- If you received the message "Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behavior when accessing security features."...
- Check your hard drive's remaining capacity and the file permissions on the files in your profile folder.
- Delete the cert8.db file in your profile folder and try again. [1]
- Try creating a new profile. Your current profile might be corrupted due to many reasons, such as changes in your system or lack of HD space at one point.
- Firefox and Mozilla Suite use a loopback connection which is required for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Firefox or Mozilla Suite.
- Clear the cache: "Tools -> Options -> Privacy -> Cache -> Clear Cache Now" (Firefox) or "Edit -> Preferences -> Advanced -> Cache -> Clear Cache" (Mozilla Suite).
- Try this SSL test. If your browser passes, it's likely a problem with the site you're trying to connect to.
- Try the standard diagnostic.
