Description:

Since version 34, Firefox has blocked the Secure Sockets Layer version 3.0 (SSLv3) and since releasing version 39, support of SSLv3 has been removed altogether.

If you attempt to open WEBconfig via HTTPS on a LANCOM router that operates only the Secure Sockets Layer version 3.0 (SSLv3), Firefox blocks the access attempt and displays the error message "Unable to connect securely".

    Note:
    For security reasons, we recommend that you do not use the SSLv3 protocol.


This document describes how to disable the SSLv3 protocol in LANCOM devices so that accessing the device always uses the TLS protocol.

Note:
The methods described in the following also apply if browsers from other companies block or no longer support access via SSLv3.


Requirements:


Procedure:

Since the use of the SSLv3 protocol can be specified in a number of different places in the LANCOM device configuration, uploading the following script files disables SSLv3 globally.

1) For LCOS versions as of 9.0:

1.1) Using LANconfig, upload the following script file to the LANCOM router (Configuration management -> Restore script from file...).

    set-tls-lcos900.lcsset-tls-lcos900.lcs

    1.2) After successfully uploading the scripts, only the protocols TLSv1, TLSv1.1 and TLSv1.2 remain active.

    Check this by opening the configuration of the LANCOM router in WEBconfig and navigating to the menu LCOS menu tree -> Setup > HTTP -> SSL versions .

    If you wish to disable certain versions of TLS , remove the check marks accordingly and click the button Send .



    2) For LCOS versions 8.50 & 8.84:

    2.1) Using LANconfig, upload the following script file to the LANCOM router ( Configuration management -> Restore script from file... ).

    set-tls-lcos850-884.lcsset-tls-lcos850-884.lcs

    2.2) After successfully uploading the scripts, only the protocols TLSv1, TLSv1.1 and TLSv1.2 remain active.

    Check this by opening the configuration of the LANCOM router in WEBconfig and navigating to the menu LCOS menu tree -> Setup > HTTP -> SSL versions .

    If you wish to disable certain versions of TLS , remove the check marks accordingly and click the button Send .