# [Firefox] INADEQUATE_SECURITY error on visiting many sites

## alogim

I just opened Firefox today (which is my default one) and the most well-known web sites failed to load.

The following error is shown:

```
The website tried to negotiate an inadequate level of security.

duckduckgo.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.

Error code: NS_ERROR_NET_INADEQUATE_SECURITY
```

Both Chromium and Tor load the same web pages that Firefox fails to load. I already tried re-emerging app-misc/ca-certificates and dev-libs/openssl. The only way to fix it is by disabling HTTP/2, as explained here. 

Is it completely safe to do that? I suppose it forces to use HTTP/1.1 instead of 2.

Oh, by the way my Firefox is currently version 52.6.0, emerged on January 28, 2018.

----------

## audiodef

There's a big difference between stable and ~arch for Firefox. Try putting www-client/firefox ~amd64 (or your ~arch keyword) in package.accept_keywords and updating Firefox to the latest Mozilla-official release. There are known security vulns for older versions of FF.

----------

## Hu

 *audiodef wrote:*   

> There are known security vulns for older versions of FF.

 The point of the ESR line is to let people use an older line of Firefox and still receive security support.  The original poster is on the current ESR line (although there is one newer release in that line, 52.7).  Do you mean that he needs to update to 52.7 or that you want him to update to non-ESR?  If the latter, could you provide a citation for what security issues are fixed in non-ESR and not fixed in ESR?

----------

## audiodef

Oops, I was thinking of this: https://forums.gentoo.org/viewtopic-t-1077346.html

alogim has 52.6, which is not affected. My bad.   :Crying or Very sad: 

----------

## Hu

Mistakes happen.  That's why I wanted a citation.  :Smile: 

----------

## audiodef

I think you meant to say that I deserve a citation.   :Laughing: 

----------

