Can Firefox be forced to use ssl instead of tls

Question

I would like to force firefox 56 to use ssl instead of tls1.2 despite that SSL 3.0 is considered unsafe. My intend is to produce an error like ...no overlap .... and take a screenshot of this error.

Preferences in about:config

According to my understanding of the firefox docs for security.tls.version* I have set

• security.tls.version.min = 0 and
• security.tls.version.max = 1

The docs for security.tls.version* also point out:

These preferences replace the deprecated security.enable_ssl3 and security.enable_tls boolean settings. Upon upgrade, the old preferences are not automatically migrated.

So i checked if deprecated preference might be in conflict with my settings above. But my Firefox 56 installation has no preferences that start with security.enable_. So it seems that i do not have to worry about any deprecated settings.

Additional causes might be

• that Upgrade-Insecure-Requests interferes with my intent to use ssl3,
• that the rc4 cipher was planned to be removed and security.tls.unrestricted_rc4_fallback was removed in Firefox 50 and can no longer be overridden.

Is the certificate the cause

The website uses a certificate that has these characteristics:

The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).

After reading this reply i assumed that the cipher used is not part of TLSV1 but running the command below seem to prove that the cipher used is a SSL3 supported cipher.

openssl ciphers -v 'TLSv1' | grep "AES" | grep "256" | grep "CBC" | sort
// output
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1

Update

HSTS - Strict-Transport-Security HTTP response header field

This question Is firefox disabling of insecure TLS fallback part of the HSTS spec might be related.

The HTTP Strict Transport Security chapter 5.1 (HSTS - rfc 6797) contains

An HTTP host declares itself an HSTS Host by issuing to UAs an HSTS
Policy, which is represented by and conveyed via the
Strict-Transport-Security HTTP response header field over secure
transport

The site in question has these header fields among others

p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=315360000, public
expires: Sat, 03 Jul 2027 00:48:12 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains

Questions (tl;dr)

1. It seems that firefox from version 50 on and above can not be forced to use ssl3. Is this the case? If not how can it be achieved?

2. To my understanding the certificate signing request (CSR) is the first step to get a certificate. Does the CSR already contain the ciphers and protocols that must be used in a https-connection later?

See also

• Firefox Error_loading_secure_sites page

Answer 1

OK, so I understand so the reason you want to enable SSL in Firefox is to take a screenshot so if you turn this off, you will see the type of error message and be able to explain the problem to the user? I would suggest this is not a constructive use of your time.

Firefox disabled SSLv3 by default in Firefox 34 - which was over 20 versions ago (though admittedly only 3 years ago) at the time of writing. So even if you could somehow re-enable it in the current version, the error message might be completely different as to what was in that version.

So, if you really want to do this, then you are much better checking the version of the browser that did support that, rather than trying to hack the current version. If you do not have access to old browsers then a site like BrowserStack can help with this. But even then it could change depending on which version users are using.

Additionally Firefox has supported TLSv1.0 from the start, so you really don't need to be worried about turning off SSLv3, at least for your Firefox users. Perhaps you need to be worried about turning off TLSv1.0 as TLSv1.2 was only enabled in version 27 (released in February 2014), and we'll get to that in a bit, but I really wouldn't worry about disabling SSLv3 for your Firefox users.

In fact ALL browsers in use today support TLSv1.0 (handy chart here), and any browser that doesn't will likely have much bigger problems with most websites unless they really are just plaintext sites or you are really, really good a progressive enhancements.

So turn off SSLv3 - it's insecure and should not be used. The alternative is to risk 100% of your users for the vast minority who are using ancient browsers. Yes browsers should use the highest version of TLS rather than SSL if they support it but various downgrade attacks can inadvertently cause this not to be the case. The safest option is to just disable it. I'm not normally one to go in for absolutes, and would normally suggest you measure your usage but for the vast majority of sites disabling SSLv3 is something they should do. Even Google has disabled SSLv3 for their site and if they can do that, then you can be sure it's safe for you to do it.

Should you get complaints then the error message will likely say something along the lines of "Secure Connection Failed" with protocol error. https://badssl.com/ is a very handy website for testing bad SSL/TLS config, though unfortunately it does not have an example for SSLv3.

Next up will be switching off TLSv1.0 and it will be less easy as it took browsers a lot longer to implement the later versions (particularly Internet Explorer who didn't get TLSv1.2 reliably until version 11). TLSv1.0 is not broken yet, but is on it's way out and standards like PCI-DSS are mandating it be switched off soon (though they've pushed back on the date for this at least once). If you want to test this in firefox this is easy by setting security.tls.version.max = 1 and visiting a TLSv1.1 or TLSv1.2 only site like https://tfl.gov.uk/ where you see the following message (which is probably similar to what your SSLv3 visitors would see rather than the cipher error you have shown in your answer):

An error occurred during a connection to tfl.gov.uk. Peer reports incompatible or unsupported protocol version. Error code: SSL_ERROR_PROTOCOL_VERSION_ALERT

I would also suggest you add logging to your webserver logs to track the TLS version used so you can make future decisions on when to turn protocols or ciphers off. This is fairly easy with Nginx and Apache for example, though if using other web servers, or if you a load balancer in front of your webserver that handles your TLS, then need to see if they allow this.

Finally to answer your second question, no the CSR does not define the protocol nor the ciphers used. That is decided by a combination of what the server and client both support. Ideally the server should enforce more secure protocols and ciphers in preference to weak ones.

The protocol (SSLv3, TLSv1.0...etc.) is how the HTTPS connection is made, and how the cipher is decided. The cipher is what is used to actually encrypt the connection. As such ciphers are not limited to the protocol that they were originally introduced for and PSK-AES256-CBC-SHA for example is available whether you are using SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2. TLSv1.3 (soon to be released) is the first version that has tried to actively remove old ciphers rather than just continue to expand the list.

For some time now Chrome has given a mild warning for older cipher suites (basically those not using GCM in the cipher suite names though there are a few less common ones that it also considers secure), which is why you see the "The connection to this site uses... an obsolete key exchange (RSA), and an obsolete cipher (AES_256_CBC with HMAC-SHA1)." message. The SSLLabs Server Test tool is the best tool for checking your server set up and I would suggest comparing it to other sites to get an A grade which should stand you in good stead for some time (I suggest rescanning quarterly to keep up with any changes in the security world - for example like SSLv3 being found to be insecure). Mozilla also have a very handy SSL/TLS config generator for the most common browsers.

HSTS (or HTTP Strict Transport Security) has no barring on this conversation really. It simply states that the client MUST use HTTPS for the site and should not use plain HTTP. That off course depends on being able to make a secure HTTPS connection. This can be a dangerous option to turn on if some of your site or domain has not been ported to HTTPS yet.