Home > Linux, Mac administration, Mac OS X > Firefox 31 allows access on non-Windows platforms to Sharepoint and IIS sites using HTTPS

Firefox 31 allows access on non-Windows platforms to Sharepoint and IIS sites using HTTPS

As part of Firefox 31’s release, Mozilla made a change to enable support for NT LAN Manager version 1 (NTLMv1) network authentication when connecting to sites that are using HTTPS to allow encrypted communication via SSL between Firefox 31 and the website in question. This is to address the change made in Firefox 30, which disabled support for NT LAN Manager version 1 (NTLMv1) network authentication for sites using either HTTP and HTTPS.

NTLMv1 authentication to sites using HTTP is still disabled by default. For more information on why HTTPS is now enabled while HTTP remains disabled, this Mozilla bug report discusses the issue.

A way to tell if the NTLMv1-using site you’re trying to access is using HTTP or HTTPS is to check the connection address. If it begins with https://, you should be OK. If it begins with http:// , Firefox 31 will still block NTLMv1 authentication.

If you need to enable NTLMv1 authentication for an HTTP site that uses NTLMv1 authentication, Mozilla has provided a workaround to non-Windows users of Firefox, in the form of a setting that can be toggled to allow NTLMv1 authentication. This workaround should allow Mac and Linux users to continue using NTLMv1 authentication on HTTP sites, which will allow access again to SharePoint-based or IIS-backed web applications. For those folks who need it, I have the workaround documented here.

  1. Joe Carroll
    July 24, 2014 at 8:22 am

    This is a positive step, but I still find it incredible that Mozilla disabled NTLMv1 support by default before NTLMv2 support was ready. See the discussions here: https://bugzilla.mozilla.org/show_bug.cgi?id=828183 & https://bugzilla.mozilla.org/show_bug.cgi?id=423758
    My preferred solution would have been to force only NTLMv2 to be accepted on the server end by adding the LmCompatibilityLevel key with value 5 to HKLM\SYSTEM\CurrentControlSet\Control\Lsa in the DC’s registry (see: http://windowsitpro.com/blog/10-w2k8-r2-ad-tips-watch-lan-manager-authentication-level ), but it seems that Firefox may not work with that either!

  2. Paolo
    September 23, 2014 at 8:38 am

    NTLM is not an internet standard, so Mozilla is not supposed to support it with great priority.

  3. Levrett
    May 19, 2015 at 7:13 pm

    Does Firefox 38.0.1 esr (or another release) fix this issue? We resumed testing an issue where had no authentication to a MSSQL Reporting Server and now we do get the auth window in Firefox 38.0.1… 31.7 esr doesnt load the auth in testing – blank screen, no user/pass window.

  4. helsinki1952
    June 9, 2015 at 12:04 pm

    Thank you for the post and comments. Now that I’m on Firefox 38 for Mac, I don’t find “network.negotiate-auth.allow-insecure-ntlm-v1” setting anymore. Any info welcome

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: