• September 22, 2020, 05:33:09 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Firefox v27 SSL decryption error accessing 88xx EDM  (Read 12509 times)

0 Members and 1 Guest are viewing this topic.

Offline imorris

  • Rookie
  • **
  • Posts: 18
Firefox v27 SSL decryption error accessing 88xx EDM
« on: February 09, 2014, 07:17:39 PM »
My Firefox auto-updated itself to the latest version (27) which broke my access
to EDM on my 88xx cores.  According to Firefox there are significant improvements
to the SSL ... but it didn't help me at all. 

When I tried EDM access I received a rather unhelpful error frame citing ...

  Secure Connection Failed. 
  An error occurred during a connection to 10.x.x.254. 
  Peer was unable to decrypt an SSL record it received.
  (Error code: ssl_error_decryption_failed_alert)

My 88xx are running 7.1.5.3 and I plan to upgrade to 7.2.11 which might change the
situation but in the mean time I had to disable one of the SSL encryptions in Firefox.

In the URL bar type about:config.  Scroll down near the bottom and double-click "security.ssl3.rsa_des_ede3_sha" to disable it.

It should be noted that I was able to EDM to all my 45xx/48xx/56xx without a problem. 
It only affected 88xx.  I knew it had to be Firefox because IE and Chrome worked OK.

Cheers.


Offline Paul L

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 754
    • paulaleroux
    • Paul's Networking blog
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #1 on: February 09, 2014, 09:05:09 PM »
IE v11 works fine with v7211.

ACSS- Avaya Enterprise Routing Switch  #8

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #2 on: February 09, 2014, 09:15:39 PM »
Thanks Paul,

if you have Firefox v27 available, would you mind checking if it works on 7.2.11 EDM?  I would like to know if the problem lies in 7.1.5.3 or in Firefox itself.

Thanks

Offline Paul L

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 754
    • paulaleroux
    • Paul's Networking blog
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #3 on: February 09, 2014, 09:19:20 PM »
I can tell you that FF v26 didn't work well for me on EDM v7211.  it would load but the objects wouldn't draw properly.

As an Avaya engineer I always keep Firefox, Chrome and IE on my laptop because you never know when you will need one or the other.



ACSS- Avaya Enterprise Routing Switch  #8

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #4 on: February 09, 2014, 09:31:14 PM »
Well, that's depressing coz I kinda like Firefox.  Looks like I might have to retire it once I upgrade to 7.2.11.  I am still on IE9 (bloody SOE) and therefore IE/Safari/Chrome all report as unsupported browsers with EDM.  I have varying success with them ... I think that is why I have stuck with Firefox.

I am still interested if someone can check Firefox v27 access to 8800 v 7.2.11.  Without that security.ssl3.rsa_des_ede3_sha being disabled I could not get to the login screen.

Cheers

Offline Paul L

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 754
    • paulaleroux
    • Paul's Networking blog
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #5 on: February 09, 2014, 09:34:06 PM »
i am back in the office on Tuesday.  remind me if I don't reply back...
ACSS- Avaya Enterprise Routing Switch  #8

Offline bylie

  • Sr. Member
  • ****
  • Posts: 149
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #6 on: February 10, 2014, 02:31:01 AM »
Since upgrading to Firefox v27 we were also having this problem with the Avaya VSP 9000 running v3.3.4.0.GA. Disabling "security.ssl3.rsa_des_ede3_sha" also did the trick, thanks! I'm not really sure who's actually to blame so we've still created a supportcase for this.

Offline wood_morris

  • Rookie
  • **
  • Posts: 1
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #7 on: February 11, 2014, 02:01:45 PM »
Similar problem as above.  SSL webpage worked fine in FireFox version 25, but v27 displays:
.......
Secure Connection Failed

An error occurred during a connection to <website URL>. Peer was unable to decrypt an SSL record it received. (Error code: ssl_error_decryption_failed_alert)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
.......

I searched yesterday for any reports of this bug in FireFox but found nothing.  Today I searched and this is the first report of this problem with FF v27.

Chrome and IE browsers have no problem loading the webpage. 
« Last Edit: February 11, 2014, 02:26:17 PM by wood_morris »

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #8 on: February 11, 2014, 05:16:46 PM »
Hi wood_morris

thanks for the feedback.  I am trying to determine where the issue is so can I ask you to clarify a couple of things please ... was the ssl page you were attempting to connect to on a network device, and did the disabling of the security.ssl3.rsa_des_ede3_sha entry resolve the problem?

Thanks in advance

Ian

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #9 on: February 12, 2014, 01:36:14 AM »
Hello again,

to cut a long story short I have determined that the fault lies with the 8800.  In essence I turned off all encryption algorithms except for the rsa_des_ede3_sha and found that I could access the EDMs on 4xxx and 5xxx equipment, and could also https: to other internet sites and internal servers just fine the only fail was the https: to my 8800s EDM.

Paul L if you get a chance would you mind cranking up Firefox v27 and trying to access one of your 8800's running 7.2.11?  If it works I'll just drop this whole thing, if it fails I will log it with Avaya.

Observations:
88xx has 5 algorithms to choose from, the rsa_des_ede3_sha is it's FIRST choice when accessed by Firefox and it breaks.
4xxx and 5xxx have 5 algorithms to choose from, the rsa_des_ede3_sha is the LAST choice when accessed by Firefox and still works anyway.
I don't seem to be able to revert to Firefox 26 to see if this algorithm exists and if so, whether it gets selected (and works).
The list (in preference order) for Chrome, shown here - https://code.google.com/p/chromium/issues/detail?id=58833 , puts this algorithm at the bottom so I am surprised that the 88xx selects it first over other stronger candidates.

Cheers

Offline figunet

  • Rookie
  • **
  • Posts: 16
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #10 on: February 25, 2014, 07:00:45 AM »
It's the same problem that i had.
The solutions is;
I just disabled the following DES ciphers in Firefox's "about:config":
   security.ssl3.dhe_rsa_des_ede3_sha
   security.ssl3.ecdhe_rsa_des_ede3_sha
   security.ssl3.rsa_des_ede3_sha
Avaya is aware of this and it will probably be fixed in a future release
I don't remenber who send me this but thank again.

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: Firefox v27 SSL decryption error accessing 88xx EDM
« Reply #11 on: April 28, 2014, 06:14:40 PM »
Avaya have released 88xx v 7.2.12 which lists that it has fixed this issue.

Readme is here ... https://downloads.avaya.com/css/P8/documents/100179895

Cheers