X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Would like to get to this web site https://www.vermontfederal.org/home/home always did, not now, message SSL_ERROR_NO_CYPHER_OVERLAP

Veröffentlicht

I can't get to my bank's website, where I used to go for many years. the site is:

https://www.vermontfederal.org/home/home   

I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP

It just happened out of nowhere. Thank you for help I can't change to newer browser, because I would have to change to newer system software on my Mac and would loose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5 Evzen Holas

I can't get to my bank's website, where I used to go for many years. the site is: https://www.vermontfederal.org/home/home I get message of Error: SSL_ERROR_NO_CYPHER_OVERLAP It just happened out of nowhere. Thank you for help I can't change to newer browser, because I would have to change to newer system software on my Mac and would loose lots of software installed years ago which I like. The system on my Mac is OS 10.8.5 Evzen Holas

Mehr Details zum System

Installierte Plugins

  • Displays Java applet content, or a placeholder if Java is not installed.
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 22.0 r0
  • iPhoto6

Anwendung

  • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:48.0) Gecko/20100101 Firefox/48.0

Weitere Informationen

jscher2000
  • Top 10 Contributor
8758 Lösungen 71655 Antworten
Veröffentlicht

Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in.

The following page shows the bank has very strict connection requirements:

  • TLS 1.2 only (not 1.0 or 1.1)
  • One of these two ciphers:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org

Apparently Firefox 48 can't do that. Have you tried Safari?

Hi Evzen, many banks are tightening up their connection requirements, and you are running a very old version of Firefox that doesn't have the latest ciphers built-in. The following page shows the bank has very strict connection requirements: * TLS 1.2 only (not 1.0 or 1.1) * One of these two ciphers: ** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 https://www.ssllabs.com/ssltest/analyze.html?d=www.vermontfederal.org Apparently Firefox 48 can't do that. Have you tried Safari?
TyDraniu
  • Top 25 Contributor
318 Lösungen 1831 Antworten
Veröffentlicht

Enter about:config in the URL bar and check values of security.tls.version.min and security.tls.version.max. Try to set security.tls.version.max = 3.

Enter ''about:config'' in the URL bar and check values of '''security.tls.version.min''' and '''security.tls.version.max'''. Try to set ''security.tls.version.max'' = 3.

Geändert am von TyDraniu

jscher2000
  • Top 10 Contributor
8758 Lösungen 71655 Antworten
Veröffentlicht

In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste gcm and pause while the list is filtered

(3) If the security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true

If it's missing completely, well, there's yer trouble.

In current Firefox, you also would want the following enabled. I don't know whether it exists in Firefox 48: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''gcm''' and pause while the list is filtered (3) If the '''security.ssl3.ecdhe_rsa_''aes_256''_gcm_''sha384''''' preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true If it's missing completely, well, there's yer trouble.

Fragesteller

To my helpers I can't use safari, I would have to update system software, which I do not want to do. (because thenewer once suck) My security.tls.version.max. is by default set to 3 And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there, I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256

Thank you for trying. Is there any hope. It just happened out of nowhere, I was fine with this for years and other websites , like Pay Pal etc work

To my helpers I can't use safari, I would have to update system software, which I do not want to do. (because thenewer once suck) My security.tls.version.max. is by default set to 3 And security.ssl3.ecdhe_rsa_aes_256_gcm_sha384, I do not have there, I have security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 Thank you for trying. Is there any hope. It just happened out of nowhere, I was fine with this for years and other websites , like Pay Pal etc work
jscher2000
  • Top 10 Contributor
8758 Lösungen 71655 Antworten
Veröffentlicht

Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website.

Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: How to troubleshoot security error codes on secure websites.

Since Firefox 48 cannot connect directly -- it doesn't have either of the required ciphers -- you would need to connect indirectly through a proxy. The proxy would accept your lower security connection, and would make a higher security connection with the target website. Common proxies include security programs that intercept and filter your web connection, but I don't know if they will work in this situation. You could test one out, just be aware that you may need to restart your system or use an option in the software to set up Firefox to trust it (proxies generate fake website certificates). This help article lists some of the common ones: [[How to troubleshoot security error codes on secure websites]].