Pair.com No Longer Allows TFF to Access Hosting Account

Colin

21 Sep, 2016 12:56 PM

I've been a happy Pair.com customer for several years and always used TenFourFox on my PPC Mac mini G4 to login to my hosting account via the web interface.

Pair call it their ACC.

However, two weeks ago Pair updated their security and I have not been able to login since.

I have no other browser (old Safari doesn't work either.)

I've opened a ticket at pair support, but Pair do not seem perturbed that their customer cannot login.

I have the latest 45.4 TFF; Pair did help me download it because on dial-up in the mountains of Asia I could not get a good connection myself.

I sent the codec data to Pair, and they confirm that it is the browser security that is the problem.
Q/
Hi Colin,

Thank you for sending the updated cipher data.

Based on the output it does not appear that it supports TLSv1.1 or TLSv1.2.
I'm not sure what other browser options there are for PowerPC Mac nor if
they support TLSv1.1 or TLSv1.2.

TLSv1.0 is not supported by our current security architecture for the
Account Control Center.

Best regards,
Sean P.
pair Networks, Inc.
[email blocked]
/Q

I suggest you contact them to help them find a fix, otherwise I'm stuck.

Colin

  1. Support Staff 1 Posted by Cameron Kaiser on 21 Sep, 2016 01:51 PM

    We don't work with vendors because vendors, in general, don't work with us. In previous discussions most refuse to support computers as old as these no matter what browser they're running, or falsely believe that it's an old browser masquerading as a later Firefox, or ignore us completely. Given that there's only a couple people working regularly to keep the browser working, this isn't something that's a useful line to pursue.

    In this case Pair is wrong. TenFourFox most definitely supports TLS v1.2 and has for some time; you can see that for yourself by going here: https://www.howsmyssl.com/

    Similarly, if you go to https://my.pair.com/ (I don't have a login and please do NOT provide yours), you will see the site loads. Press Command-I and click the Security tab. I see "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS v1.2". If TLS were indeed the problem you would not have gotten this far. If you see something different, please post it. If this isn't the host you're connecting to, or you get a different error message, post that too.

    I don't know what cipher data you're indicating, but the connection is definitely TLS of the proper version on these systems.

  2. Support Staff 2 Posted by Cameron Kaiser on 21 Sep, 2016 01:53 PM

    (Feel free to give this URL to Pair Support, too, since they're more likely to listen to a paying customer than to us.)

  3. 3 Posted by cmjccmjc on 21 Sep, 2016 02:29 PM

    Thank you Cameron, I really appreciate your labours over the years.

    I'm a missionary in the mountains of Asia and cannot upgrade my Mac,
    because none have dial-up modems. The only internet option in my
    location.

    I have the latest TFF, and yes it loads the Pair login page, but when it
    processes the login data it hands over to another Pair server, and it
    drops the connection every time.

    I visited the url: https://www.howsmyssl.com/ as you asked, and it
    scored 1 BAD and the rest green. The Bad is because it uses TLS 1.0 (not
    the TLS v1.2 you mentioned)

    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.0"

    I've used the national Asian ISP for several years, so maybe passing
    through them is the cause?

    This is the relevant cipher data I got from
    https://cc.dcsec.uni-hannover.de/ which is the url Pair support pointed
    me to:

    Q/
    User-Agent:
    Mozilla/5.0 (Macintosh; PPC Mac OS X 10.4; rv:45.0) Gecko/20100101
    Firefox/45.0 TenFourFox/7450
    Preferred SSL/TLS version: TLSv1

    Raw:
    Version:3.1
    Ciphers:c00a,c009,c013,c014,33,39,2f,35,0a
    Extensions:0000,ff01,000a,000b,0023,3374,0010,0005
    Remote Time:The TLS stack of your browser did not send a time value.
    /Q

    Thanks again for your help.

    I have communicated with Kevin, the owner of Pair, for many years, so
    should be able to twist his arm to sort this out :)

    Any suggestions?

    Colin
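
An added example, not part of the original post: a decoder for the two raw report lines above, checked against the TLSv1.1 minimum that Pair's reply states. It assumes the `Version:` field is the major.minor protocol version from the browser's ClientHello; the suite names are the IANA names for the posted codes, and `TLS12_ONLY` is an illustrative subset of TLS 1.2-only suites.

```python
import re

# "Version:" in the report is the wire (major.minor) version of the ClientHello.
WIRE_VERSIONS = {"3.0": "SSLv3", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

# IANA names for the nine suite codes in the posted report.
SUITES = {
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# A few AES-GCM suites that exist only in TLS 1.2 (illustrative subset).
TLS12_ONLY = {0x009C, 0x009E, 0xC02B, 0xC02C, 0xC02F, 0xC030}

# The two relevant lines, copied from the report in the post above.
REPORT = """\
Version:3.1
Ciphers:c00a,c009,c013,c014,33,39,2f,35,0a
"""

def parse_report(text):
    """Return (version string, list of suite codes as integers)."""
    fields = dict(re.findall(r"^[ \t]*(Version|Ciphers):[ \t]*(\S+)", text, re.M))
    return fields["Version"], [int(c, 16) for c in fields["Ciphers"].split(",")]

def assess(text, required="3.2"):
    """Decode the report; required="3.2" is the TLS 1.1 minimum from Pair's reply."""
    version, codes = parse_report(text)
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return {
        "max_offered": WIRE_VERSIONS.get(version, "unknown"),
        "suites": [SUITES.get(c, "0x%04x" % c) for c in codes],
        "offers_tls12_only_suite": any(c in TLS12_ONLY for c in codes),
        "meets_minimum": as_tuple(version) >= as_tuple(required),
    }

if __name__ == "__main__":
    for key, value in assess(REPORT).items():
        print(key, "=", value)
```
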

  4. Support Staff 4 Posted by Chris (chtrusch... on 21 Sep, 2016 02:53 PM

    Maybe security.tls.* aren't set to their defaults?

  5. 5 Posted by cmjccmjc on 21 Sep, 2016 03:00 PM

    That's possible, I use NoScript and AdBlockPlus addons.
    In the past, I have altered the default settings of various things.
    How do I verify I have the default security.tls?

    Colin

  6. Support Staff 6 Posted by Cameron Kaiser on 21 Sep, 2016 03:20 PM

    Probably the easiest thing to do at this point is to reset your profile -- this will put most of your settings back to the default -- and see if that changes anything. You can find steps for this at the bottom right ("How to reset your profile").

    When you do Command-I and click Security on any secure site, do you see TLS v1.0 on them all? For example, on Tenderapp, right on this very page, I also see the same TLS v1.2 and same cipher.

  7. Support Staff 7 Posted by Cameron Kaiser on 21 Sep, 2016 03:22 PM

    As far as it being your ISP, it's certainly possible. A proxy between you and the other site may silently downgrade your TLS connection in a way that TenFourFox cannot detect. However, we should check that it's not a local configuration issue first before we conclude that.

  8. 8 Posted by cmjccmjc on 21 Sep, 2016 03:42 PM

    Yes, on secure pages, I only see TLS 1.0 (not the TLS v1.2 you
    mentioned)

    And I do recall adjusting it some years ago. Let's see...Yes...

    In about:support
    security.tls.version.max I have value 1

    Can I just adjust it to a higher value without resetting everything to
    default?

    Colin

  9. 9 Posted by cmjccmjc on 21 Sep, 2016 03:55 PM

    In
    about:config

    I just changed security.tls.version.max;3

    And I successfully logged into my Pair account for the first time in two
    weeks!

    So that was all it was.

    I do recall adjusting it several years ago, on advice from somewhere, to
    avoid hacks.

    I vaguely remember changing two parameters, not just the max value.

    But if I have further trouble I will restore the defaults, as you
    advise.

    Many thanks.

    Colin

  10. Support Staff 10 Posted by Cameron Kaiser on 21 Sep, 2016 04:10 PM

    I'm glad the solution was simple. Best of luck.

    I'll close this ticket. No reply is needed. Any reply will reopen the ticket.

  11. Cameron Kaiser closed this discussion on 21 Sep, 2016 04:10 PM.
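
An added example, not part of the thread: one way to check for non-default `security.tls.*` settings without resetting the profile is to scan the profile's `prefs.js`, where Firefox-based browsers record only the preferences a user has changed. It assumes TenFourFox uses the standard `user_pref(...)` file format and the Firefox 45 defaults of min 1 and max 3; the sample file content is constructed to match the setting reported in the thread.

```python
import re

# Integer values Firefox/Gecko uses for security.tls.version.min and .max.
PREF_TO_TLS = {0: "SSLv3", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
# Assumed defaults for a Firefox 45 based build.
DEFAULTS = {"security.tls.version.min": 1, "security.tls.version.max": 3}

USER_PREF = re.compile(
    r'^user_pref\("(security\.tls\.[^"]+)",\s*(-?\d+|true|false)\);', re.M)

# Constructed prefs.js excerpt reproducing the setting reported in the thread.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.max", 1);
'''

def tls_overrides(prefs_js):
    """Every user-set security.tls.* pref; prefs.js lists only changed prefs."""
    found = {}
    for name, raw in USER_PREF.findall(prefs_js):
        found[name] = (raw == "true") if raw in ("true", "false") else int(raw)
    return found

def effective_range(prefs_js):
    """(lowest, highest) protocol the browser will offer after overrides."""
    eff = dict(DEFAULTS)
    eff.update((k, v) for k, v in tls_overrides(prefs_js).items() if k in DEFAULTS)
    name = lambda n: PREF_TO_TLS.get(n, "unknown (%d)" % n)
    return name(eff["security.tls.version.min"]), name(eff["security.tls.version.max"])

def findings(prefs_js, server_min=2):
    """Human-readable notes; server_min=2 means the site needs TLS 1.1+."""
    notes = []
    overrides = tls_overrides(prefs_js)
    for pref, value in sorted(overrides.items()):
        if DEFAULTS.get(pref) != value:
            notes.append("%s = %r (default %r)" % (pref, value, DEFAULTS.get(pref)))
    top = overrides.get("security.tls.version.max", DEFAULTS["security.tls.version.max"])
    if top < server_min:
        notes.append("max version is below what the server accepts")
    return notes

if __name__ == "__main__":
    print(effective_range(SAMPLE_PREFS))
    print("\n".join(findings(SAMPLE_PREFS)))
```
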
