Thank you for your answers. So would you recommend to use one of these old versions, f.ex. TFF 37? (BTW, where can I get these?).
Being a 10.4.11 user, TFF is my only way to connect to the modern internet. :)
Still don't understand what's going on. If I ping furry.fm it answers. Traceroute goes down to 188.8.131.52. Furmania.org, hosted at the same server/IP, works. Furry.fm works fine in Safari 5 with latest LWK, but totally ignores our GET request. Changing our useragent doesn't do anything, so it's either a block on the server side (website or Plesk hosting) or something technical we've been lacking since TFF 38.
Joachim, can you confirm the website worked until recently in TFF 38 and later? Or did you update from TFF 31 a few days ago?
OK, if I set network.http.spdy.enforce-tls-profile to false it works. I.e. the server at furry.fm is misconfigured. It tries to use AES-CBC-SHA encryption with HTTP/2, which is not permitted. Not our fault, except we're maybe a bit strict in this regard, but I guess that's generally a good thing.
Chris, the website worked fine since March 2016 when I found it the first time.
I always used the latest version of TFF, and it worked with every version almost 2 years. My last time I opened the site successfully was about end of february 2018.
Joachim, thanks for the info. This is what you can do:
a) Ideally you should talk to the site owner and ask them to configure their server correctly for HTTP/2. If they can't/won't/don't understand:
b) type about:config in the URL bar of the browser, search for
and double-click it to set it to false. This way you'll make TenFourFox a little bit less secure but more compatible with furry.fm.
Cameron, what's to do? To disable HTTP2 and force the server to use HTTP 1.1 or the old spdy implementation (like TFF 31, that's why furry.fm still works in that version) doesn't seem like a good idea. To disable all old AES-CBC-SHAs would force servers to use more recent encryption methods, which works with furry.fm but would probably break other sites. Defaulting to network.http.spdy.enforce-tls-profile=false would allow servers to smuggle in old encryption with HTTP2. There's really no good solution to this.
Chris, what exact cipher does it negotiate (Command-I, security tab)? On this Firefox on an Intel MacBook, it negotiates ECDHE-RSA-AES256-GCM-SHA384. That matches the cipher list the server appears to export, and is not a TenFourFox supported cipher. However, the server should also support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and TenFourFox does support that. Is there a change in the cipher it negotiates between FPR7b1 (which has an additional CBC-SHA cipher to get Amtrak working) and FPR6? The best solution might be issue 480: https://github.com/classilla/tenfourfox/issues/480
Chris, thank you very much! This works fine. For the moment, I will chance this setting when I want to visit this site, after I will activate it again. This is not big business.
Thanks a lot to the support theam, you help to keep our good old PPC macs alive!