Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Firefox throwing SSl_error_no_cypher_overlap error #1216
Hi guys! I have been asked to disable TLSv1 TLSv1.1 on my site
I have been able to do it adding the following config on the cipher list
vserver!21!ssl_ciphers = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:!ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:!DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DHE-RSA-CAMELLIA256-SHA:!AES256-SHA:!CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA:!AES128-SHA:!CAMELLIA128-SHA:!EDH-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:HIGH:!SSLv2:!DESede:!SSLv3
The problem is that on last Firefox version on Windows and Linux (not in Macos) I got the SSl_error_no_cypher_overlap error.
So I enabled TLSv1 and TLSv1.1 made a sslscan on my site and started to denied one by one the ciphers on TLSv1 and TLSv1.1 to find the one used by Firefox and I got this list that works on FF in linux and Windows.
Supported Server Cipher(s):
So, If I disable DES-CBC3-SHA I got the SSL_no_cipher_overlap error, looks like FF is not supporting TLSv1.2 by default or cant find any other matching cipher.
Thank you very much!