This thread was archived. Please ask a new question if you need help.
"Authenticity of received data could not be verified" This is the message when I try to sign in at my office. at https://corect.ct.gov:10000/psp/PEPRD/?cmd=log
Others are having the same problem. This is a Connecticut State web site for employees. The message is that the authenticity could not be verified when we click on the sign in link. I'm asking for a solution from Mozilla since the forum suggestions don't work and access through Explorer works fine.
This is important. We are told that Explorer is not the most secure browser. But if Firefox cannot display the sign in then we have no other choice.
The suggestion from "cor-el from March that we open the "about:config" page via the location bar doesn't work. It sends you to a Yahoo search site. And Firefox can't find "security.tis.insecure_fallback_hosts" that was suggested
Typing "about:config" (without the quotes) should open the config editor. The string "security.tis.insecure_fallback_hosts" should be "security.tls.insecure_fallback_hosts". If you do a search for that, you should get something. This page might be useful: http://wiki.centos.org/TipsAndTricks/Firefox38onCentOSRead this answer in context 👍 0
All Replies (5)
Typing "about:config" (without the quotes) should open the config editor. The string "security.tis.insecure_fallback_hosts" should be "security.tls.insecure_fallback_hosts". If you do a search for that, you should get something. This page might be useful: http://wiki.centos.org/TipsAndTricks/Firefox38onCentOS
As noted above it's the lower case of TLS, not the lower case of TIS.
(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character or : character, and not including either of those. In this case: corect.ct.gov
(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(3) In the search box above the list, type or paste tls (or TLS) and pause while the list is filtered
(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.
When you reload that site, Firefox 38.0.5 will now display the page like Firefox 36. Instead of a gray padlock, you should see the gray exclamation triangle warning icon, indicating a problem with the connection. In this case, the problem is that the server uses an RC4 cipher and TLS 1.0, a combination which Firefox 36 and higher treat as insecure/hackable.
If Firefox will not open about:config from the address bar, you can try launching it from the Windows Start menu search box. Paste the following and press Enter:
firefox.exe -url "about:config"
Does that work any better?
Finitarry and Jecher 2000:
I waited until this morning to try again. I first tried to access CORE-CT thru Explorer. That worked fine. I then tried again with Mozilla. This time it went through without a problem, and without having to go through "about config" and "security tls insecure__fallback_hosts". I then tried to access "about config" as you both recommended and voi-la!, that worked without any problems. I appreciate the help and I am printing both of your solutions for a time when the issue arises again. Thank you so much. But can anyone tell me why it resolved itself from yesterday to today. This was a frustrating predicament since I was trying to log in to my work site.
The site currently connects via TLS 1.2 for me, so no longer it is necessary to use a workaround.
- Connection Encrypted (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys, TLS 1.2)
You can reset the security.tls.insecure_fallback_hosts pref via the right-click context menu if you have modified the pref.