Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why "Firefox recommends that you don't enter ...information on this web" what is wrong on SHA256 site cert and how to get rid of the notice

  • 1 reply
  • 1 has this problem
  • 6 views
  • Last reply by philipp

more options

FF started warn me on some sites showing message: "Firefox recommends that you don't enter your password, credit card and other personal information on this web" and recommends "Don't trust this website". OK, certificate is valid, SHA256 encrypted, but, "Broken Encryption (TLS_RSA_WITH_RC4_128_SHA, 128 bit keys, TLS 1.2)" How can I get rid of the message, if I have to use the server and I have no possibility to change its encryption strenghts as it is not server of mine?

Thanks

Jiří Rohlíček

FF started warn me on some sites showing message: "Firefox recommends that you don't enter your password, credit card and other personal information on this web" and recommends "Don't trust this website". OK, certificate is valid, SHA256 encrypted, but, "Broken Encryption (TLS_RSA_WITH_RC4_128_SHA, 128 bit keys, TLS 1.2)" How can I get rid of the message, if I have to use the server and I have no possibility to change its encryption strenghts as it is not server of mine? Thanks Jiří Rohlíček

Chosen solution

hi, the rc4 cipher suite can no longer be considered state of the art and doesn't provide a decent level of security anymore - therefore firefox will warn you on affected sites (i am not sure what benefit it would have for you if this information is withhold from you): https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/

Read this answer in context 👍 0

All Replies (1)

more options

Chosen Solution

hi, the rc4 cipher suite can no longer be considered state of the art and doesn't provide a decent level of security anymore - therefore firefox will warn you on affected sites (i am not sure what benefit it would have for you if this information is withhold from you): https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/