{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic6xd56c66tvln74tkjcso7smplhbplf55gtsemnwsix4yd7itc6q",
    "uri": "at://did:plc:hqad6xwuzg7oqfmwylfkvqfm/app.bsky.feed.post/3mjvvd74faq72"
  },
  "path": "/viewtopic.php?t=33360&p=272578#p272578",
  "publishedAt": "2026-04-20T05:48:38.000Z",
  "site": "http://forum.palemoon.org",
  "textContent": "You should not be using SSL 3.0 unless there is a very explicit reason to do so.\nThe reason sites might fail with SSL 3.0 as lowest is because handshakes are different, and IIRC we restricted graceful fallback of protocols to prevent known downgrade attacks a while back, which might cause trouble in the way NSS handles things. It's been a while, but some combinations don't necessarily work together; max may need to be TLS 1.2 if SSL 3.0 is still desired, I think, and you may also need to change a few other parameters controlling the fallback for it to work. IOW it's complicated if you want to enable SSL 3.0 in 2026.\n\nYou should be using at least TLS 1.0 anyway in website/server configurations (and preferably TLS 1.2) or your setup is simply not very robust. The sites mentioned may not handle old style negotiation anymore and break (would not surprise me in Linux land, where the latest trends have all revolved around cutting code out for \"being old\" regardless of compatibility).\n\nIt's also possible things for SSL 3.0 are simply just broken at this point in the way NSS is built (possibly it silently disabled support for it). We'd have to investigate.\n\n* * *",
  "title": "Browser Support • Re: Questions about security protocols and site access",
  "updatedAt": "2026-04-20T05:48:38.000Z"
}