
spa122 unable to connect https: firefox 34 or 39+ or latest chrome "The connection was interrupted"

Sam Stormy
Level 1

I'm using Firefox 34 and firmware 1.3.5 (latest) on SPA122; however, I'm unable to connect to the admin page on https. This is probably similar to:

 

http://kb.mit.edu/confluence/pages/viewpage.action?pageId=147914951

 

Firefox fails with:

 

"The connection was interrupted

The connection to 192.168.1.134 was interrupted while the page was loading."

 

I suspect somehow the "certificate" has to be re-generated on the Cisco device.

 

Changing the access method to http is a quick workaround, but looking long term, I need a way to use https/Firefox.

 

Any ideas?

Thanks.

 

1 Accepted Solution


Solved... simple.

 

From:

http://stackoverflow.com/questions/21024526/ssl-error-illegal-parameter-alert

 

these 4 steps fixed the issue:

  1. In the URL bar, type about:config, accept the warning.
  2. Search for "security.tls.version"
  3. Change "security.tls.version.min" from 1 to 0
  4. Change "security.tls.version.fallback-limit" from 1 to 0

 

also documented: http://kb.mozillazine.org/Security.tls.version
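
An added example, not part of the original post or of Firefox itself: a small Python audit that reads the text of a Firefox profile's prefs.js and reports whether the two preferences changed in the steps above sit below a chosen floor, since the change applies to every site the browser visits and not only to the ATA. The sample prefs.js content, the function names and the TLS 1.2 floor are assumptions made for this example.

```python
import re

# Integer values of the security.tls.version.* preferences.
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

# The two preferences edited by the workaround.
WATCHED = ("security.tls.version.min", "security.tls.version.fallback-limit")

# Values changed in about:config are stored as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(-?\d+)\s*\);', re.M)

# Constructed sample of a prefs.js after the four steps were applied.
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.fallback-limit", 0);
user_pref("security.tls.version.max", 3);
user_pref("security.tls.version.min", 0);
'''


def parse_int_prefs(text):
    """Return every integer-valued user_pref in the file as {name: value}."""
    return {name: int(value) for name, value in PREF_RE.findall(text)}


def audit_tls_floor(text, required_min=3):
    """List (pref, value, protocol) for watched prefs set below required_min.

    required_min=3 (TLS 1.2) is an assumed policy floor, not a Firefox default.
    A pref that is absent from the file is at its built-in default and is skipped.
    """
    prefs = parse_int_prefs(text)
    findings = []
    for name in WATCHED:
        if name in prefs and prefs[name] < required_min:
            findings.append((name, prefs[name], TLS_VERSIONS.get(prefs[name], "unknown")))
    return findings


if __name__ == "__main__":
    for name, value, label in audit_tls_floor(SAMPLE_PREFS):
        print(f"{name} = {value} ({label}) is below the required floor")
```
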

 

21 Replies

Dan Lukes
VIP Alumni

Wrong forum. SPA122 is not an SPA IP Phone but an ATA Gateway.

I suspect it's not a "certificate" issue but rather a protocol issue. Your Firefox accepts TLSv1.2 only, doesn't it? Configure it to be more friendly to older protocols and try again.

 

Thanks much! I've moved to the correct forum :)

 

From what I understand, FF/later versions, disabled these older protocols for good, i.e. NO way to be "friendly".. the only recourse is for the destination to use a known secure authentication, hence I was told it might be a "certificate" thing. (Yeah, can use IE/Chrome, but...)

 

This is an example of a Linksys router with Tomato firmware, which uses a key length of 512 bits, which is not secure enough for FF :) This procedure re-generates that key on the router to 1024 bits, and after that the latest FF connected without any issues:

http://stackoverflow.com/questions/26389964/firefox-33-0-wont-open-a-specific-local-application-error-code-sec-error-inva/26520093#26520093

 

I would think a similar procedure is needed for the SPA122

 

I'm not a user of Firefox but I'm using Seamonkey, the browser based on the same engine as Firefox, just with a different UI. And it's a matter of Seamonkey configuration. The final security decision must be made by a human, not by a machine, so I assume even Firefox will allow you to make decisions.

 

Note that SPA IP Phones as well as ATA gateways are not suitable to be exposed to the public Internet. So if you are concerned about security, you need to make them accessible from trusted sources only. That means LAN and secure tunnels. In such a controlled environment even a protocol too weak for the wild Internet may fulfill your requirements.

 

 

This is on a trusted network, yet I prefer to use https and not http. I *think* this has to do with SSLv3, there's even a website:

 

https://disablessl3.com/

 

calling for all browsers to eventually disable it, and I think the option to 're-enable' is going to be the exception, and not the rule. FF and many other browsers are scheduled to COMPLETELY remove that. You may be lucky with Seamonkey, I see they mention there's an option to re-enable, such option is not there in FF b/c the developers do not see it secure enough.  Found an add-on to FF:

 

https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

it seems this also helps with DISABLING for those concerned with security.

 

I'm not excessively concerned about security, just want a way to connect with https to the SPA122 using Firefox.

 

Am I the only one doing this??? :)


 

No.

But if you wish to make decisions, you need to use tools allowing you to make them.

It seems that with Firefox you are not considered responsible enough to decide for yourself.

Just use another browser that better fits your needs.

 

I think you're missing the point... yeah, as I said, I can use IE/Chrome - as a temporary workaround, however, sooner or later, these will also have it removed.

 

Someone with SPA122 knowledge hopefully can help and say what needs to change on the ATA side to allow a more secure login.

 

What if I said I am fanatic about security and REQUIRE a secure authentication, what then?  use IE/Chrome with broken https?  Clearly FF is taking the path of the future, and the fact that folks 'slack' and 're-enable' something broken is only going to work for so much..

 

So, any way to get a secure https connection to SPA122 with ANY browser ?? :)

 

Thanks for everyone's help.

You can't say something is (not) secure unless you declared the purpose.

SPA122 is secure in closed network only. SSLv3 as well as TLSv1 is secure enough in such particular environment as there is no attacker.

And no, there is no way to get HTTPS connection from browser supporting incompatible protocols only.

I fully understand what you are asking for, but wishes don't create solutions by themselves.

Someone with SPA122 knowledge hopefully can help and say what needs to change on the ATA side to allow a more secure login.

Nothing. It's just not supported. Maybe in a future firmware.

 

As long as this issue is reported/known to Cisco, that is fine, does anyone happen to know of a case/bug#?

I do not expect an overnight solution, although this FF and other browser's move is public for many months :)

I guess 'secure & closed network' is a relative term. One never knows if the 'secure' network is really secure :) We think that it is, but it may NOT be, so any added level of security is definitely welcomed, not to mention that some companies will outright not allow using anything with broken and known vulnerabilities, without looking at the specifics.

 

Anyways, hopefully someone from Cisco can let us know if this is already tracked/planned on their end.

 

Thanks.

There is little chance you will get a response from a Cisco guy here. Buy a support contract, then call SMB Support, then wait for their response ...

Thanks Dan..

 

Well, I would hope for Cisco they have someone scanning these and putting correct answers, otherwise this gets archived as.. SPA122 is not secure aware :) Yeah, you can use a non-secure browser to manage it, but that is just avoiding the issue... Many routers and devices are affected, typically the fix is very simple, like the one provided above for a Linksys router:

 

http://stackoverflow.com/questions/26389964/firefox-33-0-wont-open-a-specific-local-application-error-code-sec-error-inva/26520093#26520093

 

Let's see if Cisco is here to set the record straight :)

 

 


I told you it's a matter of a man's decision and Firefox configuration decision ;-)

 

Moved to Firefox 39, now this workaround does not work anymore... FF returns:

"Secure Connection Failed:

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

 

Chrome  returns:

 

"This webpage is not available

ERR_CONNECTION_CLOSED"

 

Upgraded firmware to July 22, 2015, from Cisco's website, for SPA122:

 

SPA112_SPA122_1.3.5_004p_XU_FW.zip

 

however, same results, basically not possible to configure or even connect to the ATA box. Now, sure I can continuously seek to find ever less secure browsers, but isn't this something Cisco is going to handle? Re-generate a certificate on these ATA?

 

Does anyone know how to work around this in the latest Chrome, or Firefox 39 or above?

 

Thanks.

 

sure I can continuously seek to find ever less secure browsers

Although it's slightly off-topic, I would like to say I disagree.

Those newer browsers are less secure than the previous ones. You are not allowed to set up your own policy in the browser, you are not allowed to decide what's secure enough for a particular environment.

It's not a more secure browser, it's a less secure browser.
