CentOS - Feb 2017 - Wich web browser on CentOS6 ?

Hello

I have more and more troubles using firefox in professional environment with 
CentOS6. The latest version is 45.7.0 But I can't use it anymore to access
some
old server hardware (IDRAC7 of DELL C6100) because of 
"/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old Firefox32
version
to administrate these servers.

Today I upgrade the firmware of 2 DELL switch and now Firefox cannot connect to 
them anymore saying:
/An error occurred during a connection to xxx.xxx.xxx.xxx. The server rejected 
the handshake because the client downgraded to a lower TLS version than the 
server supports//
//SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT

/Is there a CentOS6 recommended web browser allowing continuous connections to 
olds and new base level (and local) system administration services ?

Thanks

Patrick

-- 
==================================================================|  Equipe
M.O.S.T.         |                                      |
|  Patrick BEGOU           | mailto:Patrick.Begou at grenoble-inp.fr |
|  LEGI                    |                                      |
|  BP 53 X                 | Tel 04 76 82 51 35                   |
|  38041 GRENOBLE CEDEX    | Fax 04 76 82 52 71                   |
===================================================================

Hi,

I had the same problem. Stick to the old Firefox, but only to access old idrac,
ipmi etc.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Patrick Begou" <Patrick.Begou at
legi.grenoble-inp.fr>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Friday, 10 February, 2017 11:26:14
> Subject: [CentOS] Wich web browser on CentOS6 ?
> Hello
> 
> I have more and more troubles using firefox in professional environment
with
> CentOS6. The latest version is 45.7.0 But I can't use it anymore to
access some
> old server hardware (IDRAC7 of DELL C6100) because of
> "/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old
Firefox32 version
> to administrate these servers.
> 
> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
connect to
> them anymore saying:
> /An error occurred during a connection to xxx.xxx.xxx.xxx. The server
rejected
> the handshake because the client downgraded to a lower TLS version than the
> server supports//
> //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
> 
> /Is there a CentOS6 recommended web browser allowing continuous connections
to
> olds and new base level (and local) system administration services ?
> 
> Thanks
> 
> Patrick
> 
> --
> ==================================================================>| 
Equipe M.O.S.T.         |                                      |
>|  Patrick BEGOU           | mailto:Patrick.Begou at grenoble-inp.fr |
>|  LEGI                    |                                      |
>|  BP 53 X                 | Tel 04 76 82 51 35                   |
>|  38041 GRENOBLE CEDEX    | Fax 04 76 82 52 71                   |
> ==================================================================> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Hm,

an Idee is to use a docker instance. I do that at my office, because
need JAVA 1.6 in the browser.

Sincerely

Andy

Am Freitag, den 10.02.2017, 12:26 +0100 schrieb Patrick
Begou:
> Hello
> 
> I have more and more troubles using firefox in professional environment
with
> CentOS6. The latest version is 45.7.0 But I can't use it anymore to
access some
> old server hardware (IDRAC7 of DELL C6100) because of 
> "/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old
Firefox32 version
> to administrate these servers.
> 
> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
connect to
> them anymore saying:
> /An error occurred during a connection to xxx.xxx.xxx.xxx. The server
rejected
> the handshake because the client downgraded to a lower TLS version than the
> server supports//
> //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
> 
> /Is there a CentOS6 recommended web browser allowing continuous connections
to
> olds and new base level (and local) system administration services ?
> 
> Thanks
> 
> Patrick
>

On Fri, Feb 10, 2017 at 12:26:14PM +0100, Patrick Begou
wrote:
> Hello
> 
> I have more and more troubles using firefox in professional
> environment with CentOS6. The latest version is 45.7.0 But I can't
> use it anymore to access some old server hardware (IDRAC7 of DELL
> C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to
> install an old Firefox32 version to administrate these servers.
> 
Can you try: (in Firefox's about:config):
possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY
    security.ssl3.dhe_rsa_aes_128_sha
    security.ssl3.dhe_rsa_aes_256_sha
> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
> connect to them anymore saying:
> /An error occurred during a connection to xxx.xxx.xxx.xxx. The
> server rejected the handshake because the client downgraded to a
> lower TLS version than the server supports//
> //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
possible workaround for SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
    security.tls.version.max 3 -> 1

You might want to revert for safer browsing, after.
> /Is there a CentOS6 recommended web browser allowing continuous
> connections to olds and new base level (and local) system
> administration services ?
maybe different profiles with differents security setup?

Cheers

Tru
-- 
Tru Huynh 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20170210/14f74c8d/attachment-0001.sig>

> Am 10.02.2017 um 12:26 schrieb Patrick Begou <Patrick.Begou at
legi.grenoble-inp.fr>:
> 
> I have more and more troubles using firefox in professional environment
with CentOS6. The latest version is 45.7.0 But I can't use it anymore to
access some old server hardware (IDRAC7 of DELL C6100) because of
"/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had to install an old Firefox32
version to administrate these servers.
> 
> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
connect to them anymore saying:
> /An error occurred during a connection to xxx.xxx.xxx.xxx. The server
rejected the handshake because the client downgraded to a lower TLS version than
the server supports//
> //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
> 
> /Is there a CentOS6 recommended web browser allowing continuous connections
to olds and new base level (and local) system administration services ?

What says the current Firefox (version 45.7.0) while trying to connect to the
upgraded IDRAC7's ?

--
LF

Tru Huynh wrote:
> On Fri, Feb 10, 2017 at 12:26:14PM +0100, Patrick Begou wrote:
>> Hello
>>
>> I have more and more troubles using firefox in professional
>> environment with CentOS6. The latest version is 45.7.0 But I can't
>> use it anymore to access some old server hardware (IDRAC7 of DELL
>> C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/".  I had
to
>> install an old Firefox32 version to administrate these servers.
>>
> Can you try: (in Firefox's about:config):
> possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY
>      security.ssl3.dhe_rsa_aes_128_sha
>      security.ssl3.dhe_rsa_aes_256_sha
These are yet set to true.
>
>> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
>> connect to them anymore saying:
>> /An error occurred during a connection to xxx.xxx.xxx.xxx. The
>> server rejected the handshake because the client downgraded to a
>> lower TLS version than the server supports//
>> //SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
> possible workaround for SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
>      security.tls.version.max 3 -> 1
>
> You might want to revert for safer browsing, after.
With this setting I get SSL_ERROR_NO_CYPHER_OVERLAP and I cannot connect to the 
switch.
Of course I can re-activate the old firmware version of the switch, but it has a
bug I would like to solve too.....

I know that to remains compatible with old config could have security problems 
but all of these devices
use dedicated ports (IDRAC, Out of band port management) on a private network 
which could be easily isolated.
The idea is to have a browser dedicated to this administration (instead of 
several versions/profiles)
>> /Is there a CentOS6 recommended web browser allowing continuous
>> connections to olds and new base level (and local) system
>> administration services ?
> maybe different profiles with differents security setup?
>
> Cheers
>
> Tru
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
Thanks all for your suggestion to find a solution or detailing your local work 
around....

Patrick

-- 
==================================================================|  Equipe
M.O.S.T.         |                                      |
|  Patrick BEGOU           | mailto:Patrick.Begou at grenoble-inp.fr |
|  LEGI                    |                                      |
|  BP 53 X                 | Tel 04 76 82 51 35                   |
|  38041 GRENOBLE CEDEX    | Fax 04 76 82 52 71                   |
===================================================================

On 2/10/17 3:26 AM, Patrick Begou wrote:
> /Is there a CentOS6 recommended web browser allowing continuous 
> connections to olds and new base level (and local) system 
> administration services ?
FYI you can download any previous release of Firefox from the URL below, 
and it will run right out of its own directory without being 'installed'
per se. So you could find one that is compatible and keep it separate 
from the one you use for regular browsing. You'd probably want to run it 
as a different user on your box, and/or a separate profile.

http://ftp.mozilla.org/pub/firefox/releases/

Or if you don't want to worry about which user and profile you're in, 
you could try an equivalent release of SeaMonkey.

http://ftp.mozilla.org/pub/seamonkey/releases/

Either way it would enable you to have a more secure, up-to-date browser 
for regular use while also having one that is compatible with the other 
systems you need to use.

Yes David, I'm using a release 32 of Firefox to reach my olds C6100 
IDRAC7 interface.
The problem is for latest Firefox versions as they require libgtk-3 not 
available in Centos6/RHEL6 distribution.

Today I use a very very bad solution to reach my switch with latest 
firmware version from the latest Firefox available in CentOS: I disable 
https and use http....
Even if it is on a private network, in a dedicated vlan behind a 
firewall... I don't like this.

Patrick

David Nelson a ?crit :
> On 2/10/17 3:26 AM, Patrick Begou wrote:
>> /Is there a CentOS6 recommended web browser allowing continuous 
>> connections to olds and new base level (and local) system 
>> administration services ?
>
> FYI you can download any previous release of Firefox from the URL 
> below, and it will run right out of its own directory without being 
> 'installed' per se. So you could find one that is compatible and
keep
> it separate from the one you use for regular browsing. You'd probably 
> want to run it as a different user on your box, and/or a separate 
> profile.
>
> http://ftp.mozilla.org/pub/firefox/releases/
>
> Or if you don't want to worry about which user and profile you're
in,
> you could try an equivalent release of SeaMonkey.
>
> http://ftp.mozilla.org/pub/seamonkey/releases/
>
> Either way it would enable you to have a more secure, up-to-date 
> browser for regular use while also having one that is compatible with 
> the other systems you need to use.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>