Jump to content

Firefox blocking SSLv3 connections


ESB

Recommended Posts

Hello all,

 

I have two isy systems, one is a 994 with a self signed cert. the other is a 99 with out dated cert.  I have been able to remote log in to both systems with the script or basic UD web program with a variety of browsers and phones.  Firefox now blocks access to both the web and Java (admin) console.  IE still works, android browsers still work.

 

My question is will others follow the lead of Firefox, and then what for secure remote access.

 

Question # 2:  Is the upgrade program for my old 99 still available?

 

Regards - Eric

 

 

Link to comment

Yes, others will follow the lead of Firefox - but there will always be an option, because there really are a lot of devices out there that cannot be upgraded.  You may have to do some clicking to get rid of some ominous warning dialogs and such, though.

Link to comment

Now I am confused.  When I query the secure port for the 994, I do not specify a protocol, just https: address:port.  I assumed when firefox blocked it with no work around, that there is no other way to address the secure port for the ISY with firefox.  What am I missing for future reference - please advise- thanks

Link to comment

https is a suite of protocols, sslv1, sslv2, sslv3, tlsv1, tlsv1.1, tlsv1.2 and tlsv1.3.

 

When your browser contacts a server with https, there is a negotiation that occurs. Normally, the highest common protocol is selected.

 

An isy99i non-pro only supports sslv3.

 

sslv2 was disabled by most protocol stacks about 2 years ago due to its security weaknesses.

 

What happened a few months ago, significant flaws were discovered in sslv3, rendering it unsafe for all purposes. Due to the existence of a downgrade attack, the only safe way to fix the threat is to eliminate sslv3.

 

This is what Firefox has done. Sslv3 is now very old! You can reenable it in Firefox as I described above - there is not 'no workaround'. However, by enabling it you are at serious risk if you do banking, taxes or anything you want to be secure with that browser.

 

The fix is to upgrade to the ISY994i where the lowest protocol level is now tlsv1.1. UDI offers a fantastic price for the upgrade, considering the 99 was end of lifed now a long time ago

Link to comment

Thanks for the reply.  The ISY that I have been connecting to remotely is a 994i 256 with 4.0.5 and a self signed certificate.  I still get the ssl v3 warning on that system.  Any guesses why?

 

Thanks Eric

Link to comment

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...