Accessing a secure CA Process Automation via FireFox fails

Document ID : KB000018515
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When attempting to access a secure CA Process Automation using a FireFox browser, an error may be displayed and access is not permitted. The error message is

Secure Connection Failed

An error occurred during a connection to {PAM_SERVER_NAME}.
Unsupported elliptic curve. (Error code: sec_error_unsupported_elliptic_curve)

Solution:

It seems that there is an issue with FireFox that prevents SSL Servers that allow Dual_EC_DRBG to load. This is preventing the client from communicating with the server.

This is an issue with OpenSSL and TLS and not a CA Process Automation issue.

Do the following in FireFox

Open a new blank window and type about:config
search for and double click the values for

security.tls.version.min =
security.tls.version.max =

Set the values for these parameters as follows:

security.tls.version.min = 0
security.tls.version.max = 0

Once those are set, close the browser and try accessing PAM again.

This enables SSL3 and TLS1 for FireFox.
These are both enabled by default in Chrome.