06-09-2020, 05:53 PM
(This post was last modified: 06-09-2020, 06:40 PM by Dendrocalamus64.)
It's Firefox 45.9.0esr, released 2017.04.19, the last pre-Electrolysis ESR version.
According to ssllabs' database, it supports TLS 1.2.
https://www.ssllabs.com/ssltest/viewClie...07&key=127
According to their server test,
https://www.ssllabs.com/ssltest/analyze....219.133.83
The forum supports TLS 1.2 & 1.3, but the handshake simulation section shows,
Firefox 31.3.0 ESR / Win 7 - Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R - Server sent fatal alert: handshake_failure
Firefox 49 / XP SP3 - RSA 2048 (SHA256) - TLS 1.2 > http/1.1
and a number of other TLS 1.2 browsers getting bumped to plain http.
Looking at the specific TLS 1.2 cipher suites supported, there is just no overlap. The still-good ones FF45 supports would be,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
and the closest the server has enabled are,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256
(but it does have one weak one enabled.)
Also, www.pine64.org is available via IP6, but according to their testing the SSL config is out of sync with the IP4 one & substantially behind it (e.g. no TLS 1.3):
https://www.ssllabs.com/ssltest/analyze....a136%3a207
According to ssllabs' database, it supports TLS 1.2.
https://www.ssllabs.com/ssltest/viewClie...07&key=127
According to their server test,
https://www.ssllabs.com/ssltest/analyze....219.133.83
The forum supports TLS 1.2 & 1.3, but the handshake simulation section shows,
Firefox 31.3.0 ESR / Win 7 - Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R - Server sent fatal alert: handshake_failure
Firefox 49 / XP SP3 - RSA 2048 (SHA256) - TLS 1.2 > http/1.1
and a number of other TLS 1.2 browsers getting bumped to plain http.
Looking at the specific TLS 1.2 cipher suites supported, there is just no overlap. The still-good ones FF45 supports would be,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
and the closest the server has enabled are,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256
(but it does have one weak one enabled.)
Also, www.pine64.org is available via IP6, but according to their testing the SSL config is out of sync with the IP4 one & substantially behind it (e.g. no TLS 1.3):
https://www.ssllabs.com/ssltest/analyze....a136%3a207