Let's Encrypt + Plesk + Firefox 45



I have some problems: if I activate Let’s Encrypt on my server, the site goes completely white over an HTTPS connection in Firefox.

I don’t know why.

http://support.wegot.vision => working
https://support.wegot.vision => not working

In Chrome/Internet Explorer/Edge/Opera it works fine.


It might be because of the following error:

Firefox 47 / Win 7 R Server negotiated HTTP/2 with blacklisted suite
RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDH secp256r1

(Source: https://dev.ssllabs.com/ssltest/analyze.html?d=support.wegot.vision&hideResults=on)

You can find the blacklisted cipher suites for HTTP2 here: https://http2.github.io/http2-spec/#BadCipherSuites

The list of cipher suites provided by my Firefox (45):

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 	128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 	128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 	256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 	128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 	128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 	256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy 	128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy 	256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 	128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 	256

Cross-reference that with the list of cipher suites your server offers from the page I linked to above. You’ll see the first possible cipher suite of your server which is listed in the client’s supported cipher suites is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014). And that suite is blacklisted.

Possible options:

  • Fix your server’s cipher suites. The list of cipher suites now currently used is like… Ancient? A useful method is using the Mozilla SSL Configuration Generator.
  • Disable HTTP2. But that won’t change the fact you’re using ancient cipher suites and possibly not getting the optimal encryption.
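
An added example, not part of the original posts: the cross-reference described in the answer above, done in code, plus the effect of reordering the server's list. `SERVER_PREFERENCE` is a constructed list (the thread does not show the real one), the function names are hypothetical, and `http2_blacklisted` is a heuristic based on the HTTP/2 spec's stated criteria (no ephemeral key exchange, or a non-AEAD cipher) rather than the literal list.

```python
# Added example; helper names are illustrative and not from the thread.

# Suites offered by Firefox 45, copied from the list in the post above.
FIREFOX_45 = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

# CONSTRUCTED server preference order; the thread does not show the real one.
SERVER_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

def http2_blacklisted(suite):
    """Heuristic for the HTTP/2 blacklist criteria: a TLS 1.2 suite is
    acceptable only with ephemeral key exchange AND an AEAD cipher."""
    key_exchange, _, cipher = suite.partition("_WITH_")
    ephemeral = key_exchange.startswith(("TLS_DHE_", "TLS_ECDHE_"))
    aead = any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20_POLY1305"))
    return not (ephemeral and aead)

def negotiate(server_preference, client_offer):
    """First suite in the server's order that the client also offers
    (assumes the server enforces its own preference order)."""
    offered = set(client_offer)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None

def prefer_http2_safe(server_preference):
    """Stable reorder: suites HTTP/2 accepts first, relative order kept."""
    return sorted(server_preference, key=http2_blacklisted)

if __name__ == "__main__":
    for label, order in (("current", SERVER_PREFERENCE),
                         ("reordered", prefer_http2_safe(SERVER_PREFERENCE))):
        chosen = negotiate(order, FIREFOX_45)
        status = "blacklisted for h2" if http2_blacklisted(chosen) else "ok for h2"
        print(f"{label}: {chosen} ({status})")
```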

