security.tls.version.enable-deprecated - Your connection is not private

Discussion in 'other software & services' started by FanJ, Aug 29, 2022.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,920
    Recently I saw an interesting thread at DSLR Networking
    https://www.dslreports.com/forum/r33481073-blocking-192-168-1-20

    The thread was started with a problem of not being able to get into wifi Ubiquiti gear: blocked IP 192.168.1.20
    Then the discussion gets wider:
    - modern browsers doing this; Chrome, Firefox, Safari; (but not everyone had the same issue, it seems).
    - OSI Layer 4, the TLS layer.
    - self-signed certificate present on the device's web management portal.
    - and so on.

    I'm not going to quote the whole thread there. It's better to read it there for yourself.
    There are several screenshots there.

    Some suggestions were given (related to Firefox):
    1. Use an older portable version of FF for this case.
    2. Look in FF for the setting of security.tls.version.enable-deprecated

    PS:
    I tried to search here on the forum but no-match for security.tls.version.enable-deprecated
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,145
    Location:
    USA
    It seems ridiculous that stuff like this is a thing. There are a lot of devices with self-signed certs and they keep trying to save us from ourselves by making it more difficult to manage them.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,291
    what you probably missed is that mozilla abandoned some older signatures in the last versions _forever_
    https://www.mozilla.org/en-US/firefox/103.0/releasenotes/
    why chromium based do not have issues? those use the windows cert store. firefox can do same:
    security.enterprise_roots.enabled <- true

    the issue is caused by self signed certs from vendors, the problem is on their side, not firefox. firefox security is in parts much higher than chromium based, not only because of their own cert storage. but fewer people care and thus a lot of BS is written, also that linked thread.

    the pref should work, searchfox tells me so
    https://searchfox.org/mozilla-centr...able-deprecated&path=&case=false&regexp=false

    it should enable a button to re-enable TLS 1.0 and 1.1, not tried myself.

    test page
    https://tls-v1-0.badssl.com:1010/

    if TLS 1.0 is enabled, it should work, otherwise not.

    edit - that pref makes that page available, it's a live-switch, no restart needed.

    anyhow TLS 1.0 and 1.1 are vulnerable, not recommended for permanent usage. use another profile for this special purpose, nothing else.
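
An added example, not part of the post above or of the linked thread: a small Python audit that reads a Firefox profile's `prefs.js` text and reports whether the prefs named in this thread have been left switched on, so a profile used for everyday browsing can be checked after managing an old device. The function names and the sample file content are constructed for illustration; `security.tls.version.min` is a real Firefox pref that the thread does not mention.

```python
import re

# One line of a Firefox prefs.js / user.js file looks like:
#   user_pref("pref.name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Assumption (not from the thread): security.tls.version.min uses
# 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2, 4 = TLS 1.3.
TLS_MIN_NAMES = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

def parse_prefs(text):
    """Return {pref name: bool | int | str} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_tls_prefs(text):
    """List the TLS/certificate prefs from the thread that weaken defaults."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get("security.tls.version.enable-deprecated") is True:
        findings.append("deprecated TLS 1.0/1.1 re-enabled")
    tls_min = prefs.get("security.tls.version.min")
    if isinstance(tls_min, int) and not isinstance(tls_min, bool) and tls_min < 3:
        label = TLS_MIN_NAMES.get(tls_min, str(tls_min))
        findings.append(f"minimum TLS version lowered to {label}")
    if prefs.get("security.enterprise_roots.enabled") is True:
        findings.append("OS certificate store roots imported")
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.enable-deprecated", true);
user_pref("security.enterprise_roots.enabled", true);
'''

if __name__ == "__main__":
    for finding in audit_tls_prefs(SAMPLE_PREFS):
        print("WARNING:", finding)
```

An empty result for the everyday profile, with the findings appearing only in the separate profile kept for the old device, matches the advice in the post.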
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,920
    Well said; 100% agreed!

    ===

    Thanks. Indeed, I missed that.

    ===

    Thank you both :thumb:
     