Re: Wich web browser on CentOS6 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 02/10/2017 12:34 PM, James B. Byrne wrote:

On Fri, February 10, 2017 06:26, Patrick Begou wrote:
Hello

I have more and more troubles using firefox in professional
environment with
CentOS6. The latest version is 45.7.0 But I can't use it anymore to
access some
old server hardware (IDRAC7 of DELL C6100) because of
"/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old Firefox32
version
to administrate these servers.

Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
connect to them anymore saying: /An error occurred during a
connection to xxx.xxx.xxx.xxx. The server rejected
the handshake because the client downgraded to a lower TLS version
than the server supports// //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT

/Is there a CentOS6 recommended web browser allowing continuous
connections to olds and new base level (and local) system
administration services ?


This situation arises because older, dare I say old, equipment
released with embedded software and using http/https as the
administrative front end were shipped with minimally compliant x-509
certificates.  Often self-signed with 1kb keys and md5 signature
hashes. Not to mention many are past their expiry dates.

However, given the revelations of state sanctioned snooping on network
traffic browsers are being pushed to implement increased compliance
checking for the overall security of users. Firefox is simply
implementing what various 'authorities' are recommending as secure
practices with respect to authentication using pki and x-509
certificates.

The present situation is a PIA.  It could be a lot more user-friendly
if FF so chose. They could have easily allowed one to turn off these
advanced compliance checks for specific IP and DNS addresses so that
the intended benefit remained but the interference with existing
infrastructure was minimised.

But, FF is on its own chosen path to oblivion and the idea of
compromise is totally absent from their project plan.



IMHO FireFox is doing the right thing. Compromises in policy is how system compromises often happen.

If you can change the setting to be more forgiving of certain bad vendors, then so can malware.

What we really need to do is demand better from the manufacturers of products we use in a "professional environment" - and it is extremely important we demand better from them now, during the dawn of IoT.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux