
I get ssl_error_no_cypher_overlap error accessing our internal web sites. It works on FF 24.8.1 but I get error with 38.3. Verified no changes in about:config


more options

It works on IE and FF 24.8.1 but I get error with 38.3.

I have verified there are no changes in about:config.

I have tried to change the enforcement (security.cert_pinning.enforcement_level) to 0 and it did not work. Set it back to 1.

IE and FF 24.8.1 both ask to add the exception. FF 38.3 does not.

I am running on Win2008 R2.

All Replies (20)

more options

Since we can't get hands on with this site...

I assume all Firefox users get this on the internal sites, even with newer and non-server versions of Windows?

If you open Firefox's Web Console in the lower part of the tab, either

  • Ctrl+Shift+k or
  • "3-bar" menu button > Developer > Web Console

then reload the error page, does the console provide any additional detail about the problem?

And/or, do you have Google Chrome installed? If you visit the site in Google Chrome, click the padlock icon in the address bar, and then "Connection" on the drop-down panel, could you post its diagnosis of the strength of the site's security? That may flag up an issue that Firefox is not explaining as well as it could.

more options

What connection settings are used if you check the Security tab in the Network Monitor (3-bar Menu button or Tools > Web Developer) in Firefox 38?

more options

Nothing shows up in the Console window

more options

I do not get the "Security Tab".

more options

We are not allowed to load Google Chrome.  :-(

more options

dooley0008 said

I do not get the "Security Tab".

The security tab should appear on the right side (after various other tabs such as Rules, Computed...) if you click an HTTPS connection in the Network Monitor. (It was added in Firefox 37, so should be in your version.) If that connection does not appear, try reloading the page in the top part of the tab.

more options

I did that with the same result. See pic.

more options

But if you click that row, no Security tab appears on the right?

Also, you may want to edit that image since it lists the server address in the blue title bar area.

more options

The Security tab is only there if you connect via a secure HTTPS connection and not if you use an open HTTP connection.

more options

An error occurred during a connection to east-web.mt.att.com:9443.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

more options

I overlaid the address with the name on the pic and messages. Thanks for thinking about that.

more options

I did not click on the line. Once I did it appeared.

more options

jscher - do you want a private conversation? I may be able to show you my screen.

more options

Hmm, that doesn't tell us anything new.

If this is an old IIS server, it's possible that it only supports RC4 ciphers, which Firefox deprecated around the release of Firefox 38. What happens if you toggle this setting:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste rc4 and pause while the list is filtered

(3) Double-click the security.tls.unrestricted_rc4_fallback preference to switch it from the default value of false to true

You may need to clear cache before this takes effect on a server Firefox previously refused to connect to. See: How to clear the Firefox cache.

more options

It was already set to "true" by default. All the rc4 options are true by default.

more options

dooley0008 said

It was already set to "true" by default. All the rc4 options are true by default.

Hmm, that setting might be unique to the ESR release. (It's normal for the others to be true by default.)

There were just so many changes between Firefox 24 and 38, which was quite a while ago, so I can't remember all the possible fixes. Here's one I found in a search that made Firefox 37 behave more like Firefox 36 with the combination of TLS 1.0 + RC4 cipher:

(1) Copy the host name of the server address. This is the part between the https:// protocol and the next / character, and not including either of those.

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste tls and pause while the list is filtered

(4) Double-click the security.tls.insecure_fallback_hosts preference to display a box where you can paste the copied host name. If you have something here already, add a comma at the end before pasting to separate the new host name from the previous name(s). Then click OK to save the change.

Then try reloading the site.

more options

Same result

more options

Here are the tls options

more options

Does that server support TLS 1.0 and higher or only SSL3?

What does it say in "Tools > Page Info > Security" in Firefox 24?

The SSleuth works from Firefox 25 and later, so won't be of much use either, just like the Network Monitor.

more options

Does Google Chrome work on your operating system?
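The question raised in the thread about which protocol versions the server accepts can also be checked with Python 3.7+ from a machine that can reach the site. This is an added example, not part of the original thread; the function names are illustrative and the host and port are passed as arguments. Current Python/OpenSSL builds cannot offer SSL 3.0 or RC4, so a handshake failure on every version only shows that the server has no overlap with a modern client.

```python
import socket
import ssl
import sys

# SSL 3.0 is not listed: current Python/OpenSSL builds cannot speak it.
VERSIONS = [("TLS 1.0", ssl.TLSVersion.TLSv1), ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
            ("TLS 1.2", ssl.TLSVersion.TLSv1_2), ("TLS 1.3", ssl.TLSVersion.TLSv1_3)]

def probe_version(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: certificate checks are off so a self-signed internal
    # certificate does not hide the negotiated protocol and cipher.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError) as exc:
        return {"ok": False, "error": f"local OpenSSL cannot offer it: {exc}"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, _, bits = tls.cipher()
                return {"ok": True, "protocol": tls.version(),
                        "cipher": name, "bits": bits}
    except ssl.SSLError as exc:  # server reachable, handshake rejected
        return {"ok": False, "error": f"handshake failed: {exc.reason or exc}"}
    except OSError as exc:       # refused, reset, timeout, DNS failure
        return {"ok": False, "error": f"connection failed: {exc}"}

def probe_server(host, port):
    """Probe every listed version; returns {label: result}."""
    return {label: probe_version(host, port, v) for label, v in VERSIONS}

def diagnose(results):
    """Summarise the per-version results in one line."""
    ok = {k: r for k, r in results.items() if r["ok"]}
    if ok:
        return "accepted: " + ", ".join(f"{k} ({r['cipher']})" for k, r in ok.items())
    if all(r["error"].startswith("connection failed") for r in results.values()):
        return "server unreachable"
    return "no protocol/cipher overlap with this client"

if __name__ == "__main__":
    # Host and port are supplied by the user, e.g.: intranet.example 9443
    results = probe_server(sys.argv[1], int(sys.argv[2]))
    for label, r in results.items():
        print(label, r)
    print(diagnose(results))
```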
