
Support Forum

almost no sites work in newest firefox release on arch linux


It gives me a NS_ERROR_NET_INADEQUATE_SECURITY error when I go to any Google-owned sites or even mozilla.org. Somehow support.mozilla.org still works though. I know Google is a security risk in general but I have no going anyway option and YouTube doesn't work either. Most sites don't work but some do, like support.mozilla.org or my site shinycreators.com. I'm running Arch Linux on the newest Arch Linux release of Firefox (48.0.1-1).



Additional System Details

Installed Plug-ins

  • This plugin provides integration with GNOME Shell for live extension enabling and disabling. It can be used only by extensions.gnome.org
  • Version: 5.41.0.0
  • Next Generation Java Plug-in 10.79.2 for Mozilla browsers
  • Shockwave Flash 11.2 r202
  • Shockwave Flash 10.1 r999.Gnash 0.8.11dev, the GNU SWF Player. Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. Gnash comes with NO WARRANTY, to the extent permitted by law. You may redistribute copies of Gnash under the terms of the GNU General Public License. For more information about Gnash, see http://www.gnu.org/software/gnash. Compatible Shockwave Flash 10.1 r999.

Application

  • Firefox 48.0.1
  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
  • Support URL: https://support.mozilla.org/1/firefox/48.0.1/Linux/en-US/

Extensions

  • Adblock Plus 2.7.3 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Amazon Smile Redirect 0.1.1.1-signed.1-signed (jid1-VgrLFatWWJY3DA@jetpack)
  • Firefox Hello 1.4.4 (loop@mozilla.org)
  • Multi-process staged rollout 1.1 (e10srollout@mozilla.org)
  • Pocket 1.0.4 (firefox@getpocket.com)
  • Novell Moonlight 3.99.0.3 (moonlight@novell.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: X.Org -- Gallium 0.4 on AMD KABINI (DRM 2.43.0 / 4.6.4-1-ARCH, LLVM 3.8.1)
  • adapterDeviceID: Gallium 0.4 on AMD KABINI (DRM 2.43.0 / 4.6.4-1-ARCH, LLVM 3.8.1)
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: X.Org
  • driverDate:
  • driverVersion: 3.0 Mesa 12.0.1
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'none', u'CairoUseXRender': 0, u'AzureContentBackend': u'cairo'}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • supportsHardwareH264: No
  • webglRenderer: X.Org -- Gallium 0.4 on AMD KABINI (DRM 2.43.0 / 4.6.4-1-ARCH, LLVM 3.8.1)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Basic

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
jscher2000
  • Top 10 Contributor
8885 solutions 72681 answers

Chosen Solution

Do you use a proxy server or other intermediary? You could check whether you have Firefox set to use a proxy server and switch that off as a test. You can do that on the Preferences page:

"3-bar" menu button (or Edit menu) > Preferences

In the left column, click Advanced. On the right side, click the "Network" mini-tab and then the "Settings" button.

Anything unexpected here? You could try "No proxy" to see whether that helps.


This message seems to be associated with sites using the HTTP/2 protocol (only recently supported in Firefox) but not using an appropriate level of security for that protocol. So one option would be to set Firefox NOT to use http/2 so sites fall back to http/1.1. If it works, it would leave the mystery unsolved, and I think it's better to solve the mystery in case it's someone/something spying on you, but I'll give you the steps anyway:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste spd and pause while the list is filtered

(3) Double-click the network.http.spdy.enabled.http2 preference to switch the value from true to false
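Added example, not part of the original answer: RFC 7540 section 9.2 requires HTTP/2 over TLS to use TLS 1.2 or later and lets an endpoint answer a blacklisted cipher suite with INADEQUATE_SECURITY. The sketch below applies a name-based approximation of that rule to a negotiated version and cipher; the function names and the sample pairs are assumptions made for this illustration.

```python
import re
import socket
import ssl
import sys

# Name-based approximation of the RFC 7540 Appendix A blacklist: a suite passes
# only with ephemeral (EC)DHE key exchange and an AEAD cipher mode.
EPHEMERAL = re.compile(r"^(TLS_)?(EC)?DHE[-_]")
AEAD = re.compile(r"GCM|CCM|CHACHA20")

def h2_tls_problems(version, cipher):
    """Return the RFC 7540 section 9.2 requirements this connection misses."""
    problems = []
    m = re.fullmatch(r"TLSv1(?:\.(\d))?", version)
    minor = int(m.group(1) or 0) if m else -1   # "SSLv3" and unknown -> -1
    if minor < 2:
        problems.append("TLS version below 1.2")
    if minor >= 3:
        return problems   # every TLS 1.3 suite is AEAD with ephemeral key exchange
    if not EPHEMERAL.search(cipher):
        problems.append("key exchange is not ephemeral (EC)DHE")
    if not AEAD.search(cipher):
        problems.append("cipher is not AEAD")
    return problems

def probe(host, port=443):
    """Offer h2 via ALPN and report what was agreed on this network path."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return (tls.selected_alpn_protocol(), tls.version(),
                    tls.cipher()[0], issuer.get("organizationName"))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        alpn, version, cipher, issuer_org = probe(sys.argv[1])
        print(alpn, version, cipher, "issuer:", issuer_org)
        print(h2_tls_problems(version, cipher) or "meets the HTTP/2 TLS profile")
    else:
        # Constructed samples, not values captured from this thread.
        for v, c in [("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"), ("TLSv1.2", "AES128-SHA")]:
            print(v, c, h2_tls_problems(v, c))
```

Run with a hostname to probe the live path. The probe uses Python's OpenSSL stack rather than Firefox's NSS, so it shows what the server or an intermediary offers on this connection, and an unexpected certificate issuer or a verification failure is itself a sign of interception.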


Question owner

Nah. Ended up just downgrading

jscher2000

Okay, but in the interest of science and in 30 seconds or less, could you take a look at the certificate for https://www.youtube.com/? You can call that up in the Page Info dialog using either:

  • right-click (on Mac Ctrl+click) a blank area of the page and choose View Page Info > Security > "View Certificate"
  • (menu bar) Tools > Page Info > Security > "View Certificate"
  • click the padlock or "i" icon in the address bar, then the ">" button, then More Information, and finally the "View Certificate" button

Check the indicated areas in the attached screenshot for any variance that could indicate an intermediary. Anything interesting?

default50 0 solutions 2 answers

Helpful Reply

guymanforget said

It gives me a NS_ERROR_NET_INADEQUATE_SECURITY error when I go to any Google-owned sites or even mozilla.org. Somehow support.mozilla.org still works though. I know Google is a security risk in general but I have no going anyway option and YouTube doesn't work either. Most sites don't work but some do, like support.mozilla.org or my site shinycreators.com. I'm running Arch Linux on the newest Arch Linux release of Firefox (48.0.1-1).

I have exactly the same issue trying to get to any HTTPS for google.com or facebook.com (maybe other sites as well).

I'm running Firefox 48 from Debian testing.

jscher2000 said

This message seems to be associated with sites using the HTTP/2 protocol (only recently supported in Firefox) but not using an appropriate level of security for that protocol. So one option would be to set Firefox NOT to use http/2 so sites fall back to http/1.1. If it works, it would leave the mystery unsolved, and I think it's better to solve the mystery in case it's someone/something spying on you, but I'll give you the steps anyway: (1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste spd and pause while the list is filtered (3) Double-click the network.http.spdy.enabled.http2 preference to switch the value from true to false

I tried disabling HTTP/2 as suggested and it worked.

I think this issue is pretty serious and should be treated as a security concern because for some sites I was being redirected to some shady sites while this was enabled.

Let me know if you want me to do some testing.

jscher2000

Hi default50, do you use any "man in the middle" software or services? In particular, security software that filters HTTPS connections or proxy servers?

default50 0 solutions 2 answers

jscher2000 said

Hi default50, do you use any "man in the middle" software or services? In particular, security software that filters HTTPS connections or proxy servers?

No, I do not have anything like that. I have a home broadband connection provided by Virgin Media in Ireland. A cablemodem acting as a WiFi AP and router is my gateway. The only "odd" thing is that I have an IPv6 address using DSLite, so I may be NAT'ted, but for destinations on IPv4, which Google or Facebook are not.

I just tested browsing from my laptop through my 4G phone tethered by Bluetooth and I got the same result, only worked with network.http.spdy.enabled.http2;false.

I also used this site (https://spdy.centminmod.com/flags.html) for testing.

Firefox 48.0.1 on a Mac OS X 10.11 is not showing the same.

jscher2000

Do you have any non-default settings for secure connection-related preferences? To check:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste TLS and pause while the list is filtered

(3) If you have any "user set" preferences here, try using the default values (right-click context menu > Reset)

(4) In the search box above the list, type or paste SECURITY.SSL and pause while the list is filtered

(5) If you have any "user set" preferences here, try using the default values (right-click context menu > Reset), however, it's okay to set these to false (this helps mitigate Logjam issues):

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
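Added example, not part of the original reply: the same check done offline against the profile's prefs.js, where Firefox stores "user set" values as `user_pref(...)` lines. The function name, the verdict strings and the sample file contents are constructed for this illustration, and parsing values as JSON literals is an assumption that holds for booleans, integers and simple strings.

```python
import json
import re
import sys

USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Substrings searched for in about:config above, plus the HTTP/2 switch from the accepted answer.
WATCH = ("tls", "security.ssl", "network.http.spdy")
# The two DHE suites the reply says may stay disabled (Logjam mitigation).
OK_IF_FALSE = {"security.ssl3.dhe_rsa_aes_128_sha", "security.ssl3.dhe_rsa_aes_256_sha"}

def user_set_tls_prefs(prefs_text):
    """Return {pref name: (value, verdict)} for user-set connection-security prefs."""
    found = {}
    for line in prefs_text.splitlines():
        m = USER_PREF.match(line.strip())
        if not m:
            continue                      # comments, blank lines, other statements
        name, raw = m.groups()
        if not any(s in name.lower() for s in WATCH):
            continue
        try:
            value = json.loads(raw)       # assumption: value is a JSON-compatible literal
        except ValueError:
            value = raw                   # keep the raw text if it is not
        if name in OK_IF_FALSE and value is False:
            verdict = "ok to keep"
        elif name == "network.http.spdy.enabled.http2" and value is False:
            verdict = "HTTP/2 workaround active"
        else:
            verdict = "reset to default and retest"
        found[name] = (value, verdict)
    return found

# Constructed sample, not taken from any poster's profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.http.spdy.enabled.http2", false);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.tls.version.max", 1);
'''

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, (value, verdict) in sorted(user_set_tls_prefs(text).items()):
        print(f"{name} = {value!r}: {verdict}")
```

Pass the path to a profile's prefs.js as the first argument; with no argument it reports on the constructed sample.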