X
Tap here to go to the mobile version of the site.

منتدى الدعم

An https site I have been using for years suddenly is no longer accessible "because the authenticity of the received data could no longer be verified."

Posted

It works on Furefox on Windows7 Pro and on Internet Explorer but not on Windows 7 Home Edition, and not on my Android phone. Any ideas how to work around thus?

It works on Furefox on Windows7 Pro and on Internet Explorer but not on Windows 7 Home Edition, and not on my Android phone. Any ideas how to work around thus?

Chosen solution

In another thread, you indicated that the site is https://teradatanet.teradata.com/

That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: teradatanet.teradata.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name):

https://teradatanet0.teradata.com/Site0083/oam/UI/Login?goto=https://teradatanet.teradata.com/c/portal/login

So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one).

Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.

Read this answer in context 8

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Android; Mobile; rv:37.0) Gecko/37.0 Firefox/37.0

More Information

kbrosnan
  • Moderator
585 solutions 3855 answers

Helpful Reply

The exact url is rather important here.

The exact url is rather important here.
jscher2000
  • Top 10 Contributor
8787 solutions 71865 answers

Chosen Solution

In another thread, you indicated that the site is https://teradatanet.teradata.com/

That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36.

You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android:

Here's how:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those. In this case: teradatanet.teradata.com

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name):

https://teradatanet0.teradata.com/Site0083/oam/UI/Login?goto=https://teradatanet.teradata.com/c/portal/login

So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one).

Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.

In another thread, you indicated that the site is https://teradatanet.teradata.com/ That site uses TLS 1.0, an older version of the SSL standard that Firefox 37 no longer treats as secure. This is a change from Firefox 36. You can make a site-specific exception for the problem server so Firefox allows TLS 1.0 -- this is for Windows, I have not tested on Android: Here's how: (1) Copy the host name of the server address. This is the part ''between'' the https:// protocol and the next / character, and not including either of those. In this case: '''teradatanet.teradata''.''com''' (2) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (3) In the search box above the list, type or paste '''tls''' and pause while the list is filtered (4) Double-click the '''security.tls.insecure_fallback_hosts''' preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change. When you reload that site, Firefox 37 will now redirect to a second server (note the additional 0 in the host name): https://'''teradatanet0.teradata''.''com'''/Site0083/oam/UI/Login?goto=https://teradatanet.teradata''.''com/c/portal/login So repeat steps 1 and 4 with the additional host name (in step 4, add the second host name after a comma, do not delete the first one). Now when you reload, it should work like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher, which Firefox 36 and higher treat as insecure/hackable.

Question owner

Yep! That does it. Thank you very much.

Yep! That does it. Thank you very much.

Question owner

That fixed my Android phone too. The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

That fixed my Android phone too. The mystery remains: why does this URL still work with Firefox 37.0.1 on '''Windows 7 Pro''' when security.tls.insecure_fallback_hosts is still set to an empty string?
jscher2000
  • Top 10 Contributor
8787 solutions 71865 answers

GJColeman78 said

The mystery remains: why does this URL still work with Firefox 37.0.1 on Windows 7 Pro when security.tls.insecure_fallback_hosts is still set to an empty string?

Could you check on whether any of your other tls preferences have been modified on the Win7Pro system?

''GJColeman78 [[#answer-714317|said]]'' <blockquote> The mystery remains: why does this URL still work with Firefox 37.0.1 on '''Windows 7 Pro''' when security.tls.insecure_fallback_hosts is still set to an empty string? </blockquote> Could you check on whether any of your other tls preferences have been modified on the Win7Pro system?

Question owner

Ah! Good question! On my Windows Pro system the Preference value "security.tls.unrestricted_rc4_fallback" is not defined, but it is set to "true" in the Windows Home installation of Firefox. So maybe it is using a default fallback list? Maybe I could also have fixed this by setting security.tls.unrestricted_rc4_fallback to false?

Ah! Good question! On my Windows Pro system the Preference value "'''security.tls.unrestricted_rc4_fallback'''" is not defined, but it is set to "true" in the Windows Home installation of Firefox. So maybe it is using a default fallback list? Maybe I could also have fixed this by setting security.tls.unrestricted_rc4_fallback to false?
jscher2000
  • Top 10 Contributor
8787 solutions 71865 answers

I think security.tls.unrestricted_rc4_fallback is a preference that will be introduced in Firefox 38 (currently available as "Beta") and would have no effect in Firefox 37.

It should default to false, but I don't think this affects the TLS 1.0 issue either way. Instead, it affects the gray exclamation triangle warning icon issue. (Actually, I can't say whether it's a warning in Firefox 38 or a hard block, I haven't researched that.)

I think '''security.tls.unrestricted_rc4_fallback''' is a preference that will be introduced in Firefox 38 (currently available as "Beta") and would have no effect in Firefox 37. It should default to false, but I don't think this affects the TLS 1.0 issue either way. Instead, it affects the gray exclamation triangle warning icon issue. (Actually, I can't say whether it's a warning in Firefox 38 or a hard block, I haven't researched that.)

Question owner

Oh, okay. During this discussion, in desperation before I had any idea of a solution I had installed the Beta version (38) on Windows Home. That's why I now see security.tls.unrestricted_rc4_fallback there. But that's the only difference in tls settings I can see.

Oh, okay. During this discussion, in desperation before I had any idea of a solution I had installed the Beta version (38) on Windows Home. That's why I now see '''security.tls.unrestricted_rc4_fallback''' there. But that's the only difference in tls settings I can see.
jscher2000
  • Top 10 Contributor
8787 solutions 71865 answers

Hmm, I don't know why your Windows 7 Pro Firefox 37 didn't have the same objections as your home system (and as my system).

Hmm, I don't know why your Windows 7 Pro Firefox 37 didn't have the same objections as your home system (and as my system).

Question owner

Well, if it shows up in the future I guess I know what to do. I just rebooted the 'Pro system for another reason and it still works. Thanks.

Well, if it shows up in the future I guess I know what to do. I just rebooted the 'Pro system for another reason and it still works. Thanks.
gmusser 0 solutions 4 answers

I'm running FF 37.0.2 under Mac OS 10.10.3, and whenever I try to access 23andme.com, I get a "Secure Connection Failed" error. I added the domain to the security.tls.insecure_fallback_hosts string, but still get the error.

I'm running FF 37.0.2 under Mac OS 10.10.3, and whenever I try to access 23andme.com, I get a "Secure Connection Failed" error. I added the domain to the security.tls.insecure_fallback_hosts string, but still get the error.
cor-el
  • Top 10 Contributor
  • Moderator
17570 solutions 158915 answers

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website:
https://23andme.com

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate: * chrome://pippki/content/exceptionDialog.xul In the location field type/paste the URL of the website:<br />https://23andme.com * retrieve the certificate via the "Get certificate" button * inspect the certificate via the "View..." button
gmusser 0 solutions 4 answers

Many thanks. When I try that procedure, I am told "no information available".

Many thanks. When I try that procedure, I am told "no information available".
cor-el
  • Top 10 Contributor
  • Moderator
17570 solutions 158915 answers

I see this information in the certificate viewer.


You can check the connection settings.

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

Try to disable IPv6 (check for other possible causes as well).

I see this information in the certificate viewer. ---- You can check the connection settings. *Firefox > Preferences > Advanced > Network : Connection > Settings *https://support.mozilla.org/kb/Options+window+-+Advanced+panel If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly. Try to disable IPv6 (check for other possible causes as well). *http://kb.mozillazine.org/Error_loading_websites
gmusser 0 solutions 4 answers

I'm not using a proxy. I tried disabling IPv6 and prefetching using the about:config flags, but still the problem persists. This is the only website I haven't been able to access using FF. I can access the website without trouble using Safari and Chrome.

At this point, I have to conclude that there's a bug or, equivalently, unintended feature in FF that is stopping me.

I'm not using a proxy. I tried disabling IPv6 and prefetching using the about:config flags, but still the problem persists. This is the only website I haven't been able to access using FF. I can access the website without trouble using Safari and Chrome. At this point, I have to conclude that there's a bug or, equivalently, unintended feature in FF that is stopping me.
cor-el
  • Top 10 Contributor
  • Moderator
17570 solutions 158915 answers

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

You can use this button to go to the currently used Firefox profile folder:

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored. If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. If that didn't help then remove or rename secmod.db (secmod.db.old) as well. You can use this button to go to the currently used Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder) *http://kb.mozillazine.org/Profile_folder_-_Firefox
gmusser 0 solutions 4 answers

No dice. I renamed both cert8.db and secmod.db and restarted, but still can't access 23andme.com.

No dice. I renamed both cert8.db and secmod.db and restarted, but still can't access 23andme.com.