tag:tenfourfox.tenderapp.com,2012-01-07:/discussions/problems/8223-paircom-no-longer-allows-tff-to-access-hosting-accountTenFourFox: Discussion 2016-09-21T16:10:46Ztag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T13:51:49Z2016-09-21T13:51:49ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>We don't work with vendors because vendors, in general, don't
work with us. In previous discussions most refuse to support
computers as old as these no matter what browser they're running,
or falsely believe that it's an old browser masquerading as a later
Firefox, or ignore us completely. Given that there's only a couple
people working regularly to keep the browser working, this isn't
something that's a useful line to pursue.</p>
<p>In this case Pair is wrong. TenFourFox most definitely supports
TLS v1.2 and has for some time; you can see that for yourself by
going here: <a href="https://www.howsmyssl.com/">https://www.howsmyssl.com/</a></p>
<p>Similarly, if you go to <a href="https://my.pair.com/">https://my.pair.com/</a> (I don't have a
login and please do NOT provide yours), you will see the site
loads. Press Command-I and click the Security tab. I see
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS v1.2". If
TLS were indeed the problem you would not have gotten this far. If
you see something different, please post it. If this isn't the host
you're connecting to, or you get a different error message, post
that too.</p>
<p>I don't know what cipher data you're indicating, but the
connection is definitely TLS of the proper version on these
systems.</p></div>Cameron Kaisertag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T13:53:58Z2016-09-21T13:53:58ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>(Feel free to give this URL to Pair Support, too, since they're
more likely to listen to a paying customer than to us.)</p></div>Cameron Kaisertag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T14:29:03Z2016-09-21T14:29:04ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>Thank you Cameron, I really appreciate your labours over the
years.</p>
<p>I'm a missionary in the mountains of Asia and cannot upgrade my
Mac,<br>
because none have dial-up modems. The only internet option in
my<br>
location.</p>
<p>I have the latest TFF, and yes it loads the Pair login page, but
when it<br>
processes the login data it hands over to another Pair server, and
it<br>
drops the connection every time.</p>
<p>I visited the url: <a href="https://www.howsmyssl.com/">https://www.howsmyssl.com/</a> as you
asked, and it<br>
scored 1 BAD and the rest green. The Bad is because it uses TLS 1.0
(not<br>
the TLS v1.2 you mentioned)</p>
<p>"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.0"</p>
<p>I've used the national Asian ISP for several years, so maybe
passing<br>
through them is the cause?</p>
<p>This is the relevant cipher data I got from<br>
<a href="https://cc.dcsec.uni-hannover.de/">https://cc.dcsec.uni-hannover.de/</a>
which is the url Pair support pointed<br>
me to:</p>
<p>Q/<br>
User-Agent:<br>
Mozilla/5.0 (Macintosh; PPC Mac OS X 10.4; rv:45.0)
Gecko/20100101<br>
Firefox/45.0 TenFourFox/7450<br>
Preferred SSL/TLS version: TLSv1</p>
<p>Raw:<br>
Version:3.1<br>
Ciphers:c00a,c009,c013,c014,33,39,2f,35,0a<br>
Extensions:0000,ff01,000a,000b,0023,3374,0010,0005<br>
Remote Time:The TLS stack of your browser did not send a time
value.<br>
/Q</p>
<p>Thanks again for your help.</p>
<p>I have communicated with Kevin, the owner of Pair, for many
years, so<br>
should be able to twist his arm to sort this out :)</p>
<p>Any suggestions?</p>
<p>Colin</p></div>cmjccmjctag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T14:53:14Z2016-09-21T14:53:14ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>Maybe security.tls.* aren't set to their defaults?</p></div>Chris (chtrusch)tag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T15:00:12Z2016-09-21T15:00:13ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>That's possible, I use NoScript and AdBlockPlus addons.<br>
In the past, I have altered the default settings of various
things.<br>
How do I verify I have the default security.tls?</p>
<p>Colin</p></div>cmjccmjctag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T15:20:50Z2016-09-21T15:20:50ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>Probably the easiest thing to do at this point is to reset your
profile -- this will put most of your settings back to the default
-- and see if that changes anything. You can find steps for this at
the bottom right ("How to reset your profile").</p>
<p>When you do Command-I and click Security on <em>any</em> secure
site, do you see TLS v1.0 on them all? For example, on Tenderapp,
right on this very page, I also see the same TLS v1.2 and same
cipher.</p></div>Cameron Kaisertag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T15:22:14Z2016-09-21T15:22:14ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>As far as it being your ISP, it's certainly possible. A proxy
between you and the other site may silently downgrade your TLS
connection in a way that TenFourFox cannot detect. However, we
should check that it's not a local configuration issue first before
we conclude that.</p></div>Cameron Kaisertag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T15:42:18Z2016-09-21T15:42:18ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>Yes, on secure pages, I only see TLS 1.0 (not the TLS v1.2
you<br>
mentioned)</p>
<p>And I do recall adjusting it some years ago. Let's
see...Yes...</p>
<p>In about:support<br>
security.tls.version.max I have value 1</p>
<p>Can I just adjust it to a higher vale without resetting
everything to<br>
default?</p>
<p>Colin</p></div>cmjccmjctag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T15:55:24Z2016-09-21T15:55:24ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>In<br>
about:config</p>
<p>I just changed security.tls.version.max;3</p>
<p>And I successfully logged into my Pair account for the first
time in two<br>
weeks!</p>
<p>So that was all it was.</p>
<p>I do recall adjusting it several years ago, on advice from
somewhere, to<br>
avoid hacks.</p>
<p>I vaguely remember changing two parameters, not just the max
value.</p>
<p>But if I have further trouble I will restore the defaults, as
you<br>
advise.</p>
<p>Many thanks.</p>
<p>Colin</p></div>cmjccmjctag:tenfourfox.tenderapp.com,2012-01-07:Comment/408055512016-09-21T16:10:42Z2016-09-21T16:10:42ZPair.com No Longer Allows TFF to Access Hosting Account<div><p>I'm glad the solution was simple. Best of luck.</p>
<p>I'll close this ticket. No reply is needed. Any reply will
reopen the ticket.</p></div>Cameron Kaiser