Pair.com No Longer Allows TFF to Access Hosting Account
I've been a happy Pair.com customer for several years and always used TenFourFox on my PPC Mac mini G4 to login to my hosting account via the web interface.
Pair call it their ACC.
However two weeks ago Pair updated their security and I have not been able to login since.
I have no other browser (old Safari doesn't work either.)
I've opened a ticket at pair support, but Pair do not seem perturbed that their customer cannot login.
I have the latest 45.4 TFF, Pair did help me download it because on dial-up in the mountains of Asia I could not get a good connection myself.
I sent the codec data to Pair, and they confirm that it is the
browser security that is the problem.
Q/
Hi Colin,
Thank you for sending the updated cipher data.
Based on the output it does not appear that it supports TLSv1.1
or TLSv1.2.
I'm not sure what other browser options there are for PowerPC Mac
nor if
they support TLSv1.1 or TLSv1.2.
TLSv1.0 is not supported by our current security
architecture for the
Account Control Center.
Best regards,
Sean P.
pair Networks, Inc.
[email blocked]
/Q
I suggest you contact them to help them find a fix, otherwise I'm stuck.
Colin
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Cameron Kaiser on 21 Sep, 2016 01:51 PM
We don't work with vendors because vendors, in general, don't work with us. In previous discussions most refuse to support computers as old as these no matter what browser they're running, or falsely believe that it's an old browser masquerading as a later Firefox, or ignore us completely. Given that there's only a couple people working regularly to keep the browser working, this isn't something that's a useful line to pursue.
In this case Pair is wrong. TenFourFox most definitely supports TLS v1.2 and has for some time; you can see that for yourself by going here: https://www.howsmyssl.com/
Similarly, if you go to https://my.pair.com/ (I don't have a login and please do NOT provide yours), you will see the site loads. Press Command-I and click the Security tab. I see "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS v1.2". If TLS were indeed the problem you would not have gotten this far. If you see something different, please post it. If this isn't the host you're connecting to, or you get a different error message, post that too.
I don't know what cipher data you're indicating, but the connection is definitely TLS of the proper version on these systems.
Support Staff 2 Posted by Cameron Kaiser on 21 Sep, 2016 01:53 PM
(Feel free to give this URL to Pair Support, too, since they're more likely to listen to a paying customer than to us.)
3 Posted by cmjccmjc on 21 Sep, 2016 02:29 PM
Thank you Cameron, I really appreciate your labours over the years.
I'm a missionary in the mountains of Asia and cannot upgrade my Mac,
because none have dial-up modems. The only internet option in my
location.
I have the latest TFF, and yes it loads the Pair login page, but when it
processes the login data it hands over to another Pair server, and it
drops the connection every time.
I visited the url: https://www.howsmyssl.com/ as you asked, and it
scored 1 BAD and the rest green. The Bad is because it uses TLS 1.0 (not
the TLS v1.2 you mentioned)
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.0"
I've used the national Asian ISP for several years, so maybe passing
through them is the cause?
This is the relevant cipher data I got from
https://cc.dcsec.uni-hannover.de/ which is the url Pair support pointed
me to:
Q/
User-Agent:
Mozilla/5.0 (Macintosh; PPC Mac OS X 10.4; rv:45.0) Gecko/20100101
Firefox/45.0 TenFourFox/7450
Preferred SSL/TLS version: TLSv1
Raw:
Version:3.1
Ciphers:c00a,c009,c013,c014,33,39,2f,35,0a
Extensions:0000,ff01,000a,000b,0023,3374,0010,0005
Remote Time:The TLS stack of your browser did not send a time value.
/Q
Thanks again for your help.
I have communicated with Kevin, the owner of Pair, for many years, so
should be able to twist his arm to sort this out :)
Any suggestions?
Colin
Support Staff 4 Posted by Chris (chtrusch... on 21 Sep, 2016 02:53 PM
Maybe security.tls.* aren't set to their defaults?
5 Posted by cmjccmjc on 21 Sep, 2016 03:00 PM
That's possible, I use NoScript and AdBlockPlus addons.
In the past, I have altered the default settings of various things.
How do I verify I have the default security.tls?
Colin
Support Staff 6 Posted by Cameron Kaiser on 21 Sep, 2016 03:20 PM
Probably the easiest thing to do at this point is to reset your profile -- this will put most of your settings back to the default -- and see if that changes anything. You can find steps for this at the bottom right ("How to reset your profile").
When you do Command-I and click Security on any secure site, do you see TLS v1.0 on them all? For example, on Tenderapp, right on this very page, I also see the same TLS v1.2 and same cipher.
Support Staff 7 Posted by Cameron Kaiser on 21 Sep, 2016 03:22 PM
As far as it being your ISP, it's certainly possible. A proxy between you and the other site may silently downgrade your TLS connection in a way that TenFourFox cannot detect. However, we should check that it's not a local configuration issue first before we conclude that.
8 Posted by cmjccmjc on 21 Sep, 2016 03:42 PM
Yes, on secure pages, I only see TLS 1.0 (not the TLS v1.2 you
mentioned)
And I do recall adjusting it some years ago. Let's see...Yes...
In about:support
security.tls.version.max I have value 1
Can I just adjust it to a higher vale without resetting everything to
default?
Colin
9 Posted by cmjccmjc on 21 Sep, 2016 03:55 PM
In
about:config
I just changed security.tls.version.max;3
And I successfully logged into my Pair account for the first time in two
weeks!
So that was all it was.
I do recall adjusting it several years ago, on advice from somewhere, to
avoid hacks.
I vaguely remember changing two parameters, not just the max value.
But if I have further trouble I will restore the defaults, as you
advise.
Many thanks.
Colin
Support Staff 10 Posted by Cameron Kaiser on 21 Sep, 2016 04:10 PM
I'm glad the solution was simple. Best of luck.
I'll close this ticket. No reply is needed. Any reply will reopen the ticket.
Cameron Kaiser closed this discussion on 21 Sep, 2016 04:10 PM.