Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Mon Oct 27, 2014 20:11 Post subject:
your tomatoe fix you mentioned just increases the keysize. nothing else. and dd-wrt does already use a higher keysize _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Key size is the real root issue, FF 34 will likely make this clearer by issuing the error message "mozilla_pkix_error_inadequate_key_size" instead of the generic one we're now getting in FF 33 (at least that's what FF 34 beta is showing). Apparently key size less than 1024 isn't allowed, or at least not yet. I'm hoping that they'll back off a little and allow us to override.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Wed Oct 29, 2014 0:00 Post subject:
okay. then you should report to FF that dd-wrt uses 2048 bits since some months. so all current versions on the ftp should work. but since you say they wont work, FF is completelly broken and not capable of doing ssl authentication by spec _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
i can just tell you. i tested firefox with the latest version under windows and it shows no issues with the versions i uploaded. all is working. no key errors. and sorry replacing sha1 with a weak md5 is no solution. remember that also the webif should work with some older browsers which are not just released within the last week. i will test it. and some routers in dd-wrt use openssl for httpd. but especially the small devices use matrixssl and matrixssl has no support for sha256
I wasn't proposing MD5 as a solution(it can't even be, it's too short), just asking what does my firmware use?
The plot thickens! IE won't let me view its page either, unless I turn my clock back to something like 2005. I added it to trusted sites, clicked continue(not recommended) and it STILL won't let me unless I go back in time 10 years.
Mozilla made patch for FF33. We will have it sooon
The strange BS, is you have no issue. Which version of FF did you use? All issues for me began with FF33, but all my ddwrt were between r13064 and the next one after r21061 in which you fixed ssh. _________________ ): FoReVeR nEwB
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Nov 18, 2014 10:16 Post subject:
i have no problems with ff 35 dev edition (previously aurora) & ddwrt latest build with https, the only https problem left is not related to browser, its just that several routers httpd -S simply doesnt run when told to _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Firefox 34beta10 now works with the help of the SSL Version Control plugin set to SSLv3 for old firmware (12533-13064) but not with more recent (14896). _________________ ): FoReVeR nEwB
-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2
these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off.